9.Information Security Risk Communication And Consultation Flashcards

1
Q

Information Security Risk Communication And Consultation

Input

A

All risk information obtained from the risk management activities

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Action

A

Information about risk should be exchanged and/or shared between the decision-maker and other stakeholders.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Implementation guidance

A

Risk communication is an activity to achieve agreement on how to manage risks by exchanging and/or sharing information about risk between the decision-makers and other stakeholders.

Risk communication should be carried out in order to for exampel in order to:
— provide assurance of the outcome of the organization’s risk management;
— collect risk information;
— share the results from the risk assessment and present the risk treatment plan;

— avoid or reduce both occurrence and consequence of information security breaches due to the lack of mutual understanding among decision-makers and stakeholders;

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Output

A

Continual understanding of the organization’s information security risk management process and results.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly