Risk is Everywhere – CISSP Focus
Risk is everywhere.
I have published a 33-minute comprehensive video series on CISSP Domain 1 Risk Management Concepts, packed with art, metaphors and visuals for CISSP As An Art members.
If you don’t have 30 minutes, here is a 90-second glimpse:
– Risk is dynamic. You are shooting a moving duck. You have to keep moving your gun.
– Risk cannot be eliminated, whether in life or in an organisation. Your number one priority as a consultant is to bring residual risk down to a level the business can accept.
– Just because risk exists doesn’t mean you should stop striving in business or stop living your life. You need to learn how to manage it.
– Transferring risk to a third party looks like insurance, but it opens a new chapter of risk management and demands exceptional due diligence: you can hand off the work, but not the accountability for your data.
– A third party is a black box, so the most important piece of due diligence is reviewing their compliance pack (audit reports, certifications, policies). If they don’t take their own security seriously, how can they secure your data?
– Don’t leave your legal team out of third-party risk. Security clauses in the contract are the ultimate security control when things go wrong.
– Don’t jump straight into numbers and complex mathematical formulas for risk analysis. Start with the basics: a business impact analysis.
– Ask two important questions for each risk: What’s the likelihood, and if it happens, how bad is the impact?
– Ocean’s 13 movie reference: supply chain risk management means focusing on the root. The crew that wants to rob the casino doesn’t bother with the CCTV cameras; they go after the dice manufactured in Mexico!
– Supply chain risk management is like a film: integrity has to be maintained from writer to director, producer, editor and composer. If it is compromised at any stage, the audience never feels the emotion in the theatre.
– A risk management framework is like building tailored security controls for your dream house. Implementing the controls is only the beginning; assessing that they actually satisfy the security requirements, getting management to formally accept the residual risk, and 24×7 monitoring are what count.
– In the end, security contracts, SLAs, due diligence and solid policies and standards make all the difference.
💡If you are interested in watching the above pointers in visual form, register for CISSP As An Art (CaaART) Course and watch the entire video series for risk management concepts.