Managing your Information Risk
'The purpose of risk management is not to chase the unattainable goal of perfectly secure systems and a risk-free business; it is to make sure that you have thought about what can go wrong, and that this thinking has influenced your organisation's decisions.'
[Source: UK's National Cyber Security Centre (NCSC), part of GCHQ]
Everyday Risk Assessment
We all take risks every day.
When you cross a road you look both ways before you cross.
You know there’s a danger and a risk that you could be killed or injured - but that doesn’t stop you crossing the road.
You assess the risks and you cross the road.
When it comes to assessing those risks, you don’t apply the same risk assessment principles to crossing a busy dual carriageway as you do to crossing the quiet cul-de-sac where you live.
And you certainly don’t take the risk of crossing roads such as the M4 motorway.
Compliance-Driven Risk Management
Although risk-taking and making informed decisions are part of our everyday life, in business it's compliance that is often the main driver for producing a risk assessment and managing the risks identified.