The key to success is understanding the core elements of risk management and how to plug them into existing processes without creating another layer of overhead. For example, the ISO 31000 risk management standard outlines a five-step process for formalized risk management. Look out for my next book, Introducing ERM To IT Security And Risk, to be published in the next few months. And as always, I welcome any questions or feedback from clients who have gone through these steps. In the meantime, I encourage you to listen to this podcast to hear about best practices.
Source: https://www.csoonline.com/article/2136063/enterprise-risk-management-for-it-security.html

