Over the past week I’ve been looking at our existing processes for managing risk, how information security risk fits within this framework, and what improvements can be made overall. One of my concerns is that most people aren’t used to explicitly thinking about risk and that my colleagues need to be able to relate to […]