Managing information security risks systematically involves identifying the organization's risk tolerance and assessing all risks for treatment options based on that tolerance.
The Information Security Risk Management Template:
- Ensures that unacceptable risks are being identified and addressed properly.
- Ensures that money and effort aren’t being wasted by mistreating insignificant risks.
- Gives senior management visibility into the organizational risk profile and risk treatment priorities to support their ability to make strategic decisions.