9. Information Security Risk Communication And Consultation Flashcards
Information Security Risk Communication And Consultation
Input
All risk information obtained from the risk management activities
Action
Information about risk should be exchanged and/or shared between the decision-maker and other stakeholders.
Implementation guidance
Risk communication is an activity to achieve agreement on how to manage risks by exchanging and/or sharing information about risk between the decision-makers and other stakeholders.
Risk communication should be carried out in order to, for example:
— provide assurance of the outcome of the organization’s risk management;
— collect risk information;
— share the results from the risk assessment and present the risk treatment plan;
— avoid or reduce both occurrence and consequence of information security breaches due to the lack of mutual understanding among decision-makers and stakeholders.
Output
Continual understanding of the organization’s information security risk management process and results.