4 December 2014 at 2:15pm
For many if not most organisations information security risk management is a new and relatively immature activity that they are still discovering and learning more about. This can mean that the results of the activity can be imperfect. As we learn we can improve the process to better fit the requirements of the organisation but in the meantime we need the ability to deal with flawed results. Some might even go a step further and propose that most risk management methods are inherently flawed and don't go far enough to investigate and measure the root causes of risks.
Subscribe to iso27005