Showing posts with the label measures

Risk and micro, small business

Risk; why is it so difficult? Information security risk management, or if you wish cyber security risk management; either way it appears to cause a bit of a problem. Over many years now I have seen and audited different concoctions, the majority of which fail completely to be effective in managing the risk. That said, I have also seen some scarily good processes, many of which are application driven rather than spreadsheet driven. This is an out-and-out plug, but the best and most effective examples have usually been driven by Acuity Risk Management's Stream application. However, for the micro or small business the best approach is to keep things simple, for the moment at least.

Risk description - there are excellent definitions for risk published within various ISO documents. However, it all boils down to the following:

Source (what is the source of the thing that could happen - internal or external parties)

Event (what is going to occur) ...