This is the first book to introduce the full spectrum of security and risks and their management. Author and field expert Bruce Newsome helps readers learn how to understand, analyze, assess, control, and generally manage security and risks from the personal to the operational. They will develop the practical knowledge and skills they need, including analytical skills, basic mathematical methods for calculating risk in different ways, and more artistic skills in making judgments and decisions about which risks to control and how to control them.
Chapter 11: Recording, Communicating, Assuring, and Auditing
This chapter explains how to record the risks that you have assessed and how you have managed them, how to communicate information on security and risk, how to monitor and review how your stakeholders are managing their security and risk, and how to audit how others manage their security and risk.
This section describes why recording information about risks and risk management is important and often required by higher authorities, and how, in practice, you should record such information.
A good process for managing risk should include the deliberate maintenance of some record (also known as a register or log) of your assessments of the risks and how you are managing the risks. Such a record ...