Page 42 - Cyber Defense eMagazine June 2020 Edition

Managing an Information Security Risk Program

                                                   A Managerial Approach

                                  By Adriano Novaes, Senior Cybersecurity Consultant



            Every organization should have an information security management program. The program consists of
            all the activities the organization undertakes, and all the expenditures it makes, to protect sensitive
            information. The program may be formal, with a specific executive tasked with management responsibility,
            or it may be informal, with activities and expenditures undertaken as needed. Formal or ad hoc, proactive
            or reactive, effective or not, every organization manages the security of its critical information.



            Set the goals

            The objective of an organization’s Information Security Management Program is to prudently and cost-
            effectively manage the risk to critical organizational information assets.

            • The risk that critical information is compromised






            Copyright © 2020, Cyber Defense Magazine.  All rights reserved worldwide.