@fifonetworks I agree that the explanations in most certifications are bad. I'm currently working on #cRISK and the language there is at the best of times unnecessarily heavy and complicated.
I find it sad but understandable that respected online dictionaries can't tell the differences as well. Most folks can't. It's just a fact.
However, would you agree that a common language and understanding of #risk terms is crucial to have a meaningful common discussion on what to do and what to prioritise in #cyber?
Unfortunately this is not my experience, even in the same organisations and teams.
This makes meaningful discussions in a topic already complex almost impossible.
What I've come to understand over the years is that #threat (and related #threatactor(s)) is just one building block or component of #risk. The other ones are the #asset, #control, #vulnerability and #Lossevent / #impact.
If you cannot describe these building blocks together, then you don't have a #risk. You have something else: a #threat, #lossevent, #issue, #controldeviation, #problem, #a-thing, #something. #a-list-of-things-todo
But please do not call it a #riskregister.
When looking at the average #riskregister, most of them contain just that - #things.
Interesting take on #Risk #Ownership.
https://normanmarks.wordpress.com/2021/10/15/who-owns-and-is-responsible-for-a-risk/
Is risk ownership clearly defined in your organisation?
#RiskManagement #Cybersecurity #Governance #Management #ISACA #cRISK