Some people play Wordle to get their brains moving in the morning. I
find one of LinkedIn’s incredibly stupid “AI”-driven “articles” where
they limit you to 750 characters of commentary (times 5-7 article
segments) and write a cohesive answer to the whole thing in one
block.
Herewith: “How Do You Work With Other IT Departments To Manage
Security Risks”
Either your company understands that security is the prime risk
assessment and management tool, or it does not. Figure this out
first.
Assuming your company cares, get an executive mandate. Bring the IT,
Ops, Network Engineering, Security, Software Development, Hardware
Engineering, Legal, and all other relevant groups together. Establish a
common vocabulary, write a policy, and appoint a committee that has the
authority to approve exceptions and change policy.
Policy is implemented in plans, and if your company is large enough,
some groups will need their own plans. Write them to a common skeleton,
and publicize them internally.
Include Business Continuity and Disaster Recovery as subsets of
Security: that’s where they belong. Done in 750.
-30-