The Journey from Unmanaged to a Managed Risk Management Program

Contributed by Kevin Thompson
 
Over the five years my organization has pursued becoming more organized in their information security program. To develop an effective program, the organization must start with the basics. Identify and categorize all company assets to effectively apply desired controls later in this process. Next, you must identify reoccurring maintenance windows and communicate with the asset owners to ensure maintenance awareness. Identify and configure security applications that will apply remediations. Identify and decommission all stale assets to eliminate unnecessary risk in the environment. Once all the previously mentioned steps are complete the security management program is at the beginning stages to become an effective tool to lower risk in the environment.
 
This document is in PDF format. To view it click here.

Rate this article: 
Average: 5 (1 vote)