Assess, Control, Monitor & Respond
It's that simple - and it is important to keep that in mind. Operational Risk is a very complex discipline. Just understanding the technology used in information security or planning for a critical business emergency are daunting challenges. Add on to that the applicable laws and regulations, the threats, policies, standards and guidelines, the ever changing business environment, etc. and you have a job that can frequently be overwhelming. But no matter what issue confronts you, it will fit within and be addressed by the process above. Just follow the steps discussed on the following pages.
For a further discussion of how this methodology applies to information security, click here.
©2009 ISRMC, LLC