An Introduction To
Information, Network and Internet Security


Monitoring and review of the risk management process

Effective risk management requires a reporting and review structure to ensure that risks are effectively identified and assessed and that appropriate controls and responses are in place.

Regular audits of policy and standards compliance should be carried out and standards performance reviewed to identify opportunities for improvement. It should be remembered that organisations are dynamic and operate in dynamic environments. Changes in the organisation and the environment in which it operates must be identified and appropriate modifications made to systems. The monitoring process should provide assurance that there are appropriate controls in place for the organisation's activities and that the procedures are understood and followed.

Beyond confirming that controls are in place, any monitoring and review process should also determine whether:

- the measures adopted resulted in what was intended;
- the procedures adopted and information gathered for undertaking the assessment were appropriate;
- improved knowledge would have helped to reach better decisions, and what lessons could be learned for future assessments and management of risks.
