Date: 25/06/2022
Enterprise Risk Management and Information Security
Enterprise Risk Management (ERM) has been around at least since the days of the Trojan Horse. Information security risk management can learn much from ERM and avoid reinventing the wheel. The National Association of Corporate Directors (NACD) made this clear in the 2014 handbook Cyber-Risk Oversight. Principle #1 is to approach cybersecurity as an enterprise-wide risk management issue. For updated observations on ERM and information security, go to my CSO Online blog post "Don't be the next Humpty Dumpty".