- Published on Thursday, 06 December 2012 16:58
- Written by Mike McClain, Web Editor
In the broad spectrum of activities which might be called Information Security, we must always first and foremost implement, execute and follow through with risk management. Risk management is the backbone or foundation of any good information security program.
Risk management is really just going around and taking a look at the way things are set up: processes, policies, everything from what ports are open on the firewall to what rules are set on your antivirus client. It is a process of inventorying the existence or state of things and reviewing all of this against your knowledge, expertise, research and maybe even some tools, to determine whether we're doing things the right way or not.