Professional workshop: Managing your way out of risk
- SC Magazine, January 2011
No organisation can prevent every possible incursion, so risk management is becoming the de facto way to protect an organisation's data. Rob Buckley takes you through the strategy and tactics of an approach used even in ancient Rome.
Barnier also argues that risk management is increasingly being seen in the US and other countries as improving the performance of organisations.
There are few specific qualifications in risk management as it relates to information security, but both ISF and ISACA offer training in it. Indeed, since 2002, 22 per cent of ISACA's Certified Information Security Manager (CISM) qualification has involved risk management training and the organisation's risk management events have seen considerable interest.
For example, some 2,000 ISACA members from all over the world attended a recent web event it organised. “It exceeded our capacity. We had the same experience three weeks ago, with a bumper attendance – we're getting big demand from a variety of organisations.”
ISF's training courses are seeing similar interest. “Our members run workshops to train those who attend,” says Petch. “In the past two years, 1,000 people have taken part.” A variety of skills are taught at these workshops. “They look at risk analysis, monitoring, how to set up a risk analysis capability and implementation, alongside the basic science.” Included in that science is the ability to put figures to incident risks. “In the past, it used to be more of a dark art than a science. There'd be values in the boxes, but you didn't know why they came out the way they did.” Equally important are people skills. “A lot of it is about facilitation and getting the right people in the room together.”
In both ISACA's and ISF's risk management training, skills development is important. “With insurance actuaries, the data stays the same,” says Petch. “In IT security, nothing stays the same.” And ISACA's CISM qualification, which attracts some of the highest pay premiums of any certification, has a continuing professional development (CPD) component. “You need to do your own reading and work to get CPD training credits” to keep your certification, says Barnier.
Nevertheless, despite the recent interest in risk management, it's an old science that goes back a long way, Barnier believes. “Roman shipping operators used it. It has always been important.”
