Digital security risk management – OECD


At an operational level, the first step in managing digital security risk in organisations is the adoption of a strategic approach and the establishment of appropriate governance, where the economic leadership of the organisation owns the digital security risk and works with technical experts to address it. The strategy should create a risk assessment and treatment cycle, whereby the risk is systematically evaluated and the business leadership decides which part of the risk to take, avoid, reduce or transfer.

On that basis, business leaders can work with technical experts to select security measures, which may involve technological, human and organisational aspects. They should explore how security can add value and create a competitive advantage. Lastly, they should also take resilience, preparedness and continuity measures so that they are ready when an incident happens.

This post was originally published on the 3rd party site mentioned in the title of this site
