Posted on Fri 22 September 2023
Some people play Wordle to get their brains moving in the morning. I find one of LinkedIn’s incredibly stupid “AI”-driven “articles” where they limit you to 750 characters of commentary (times 5-7 article segments) and write a cohesive answer to the whole thing in one block.
Herewith: “How Do You Work With Other IT Departments To Manage Security Risks”
Either your company understands that security is the prime risk assessment and management tool, or it does not. Figure this out first.
Assuming your company cares, get an executive mandate. Bring the IT, Ops, Network Engineering, Security, Software Development, Hardware Engineering, Legal, and all other relevant groups together. Establish a common vocabulary, write a policy, and appoint a committee that has the authority to approve exceptions and change policy.
Policy is implemented in plans, and if your company is large enough, some groups will need their own plans. Write them to a common skeleton, and publicize them internally.
Include Business Continuity and Disaster Recovery as subsets of Security: that’s where they belong. Done in 750.