Security is an operational risk management activity focused on enterprise assets. The goal of security is to contribute to attaining and sustaining enterprise resiliency
- Security is a business issue
- Security is owned by the organization
- Security is an investment
- Security is an enterprise process that can be measured and managed.
Resiliency emerges when enterprise assets are free from disruption. Managing both sides of the risk equation as a whole, in balance with organizational drivers and costs, is a method to achieve a level of adequate resiliency.
- Manage threat by reducing the likelihood of the condition occurring
- Manage impact by reducing potential impact and/or ensuring the organization can handle the result of a realized risk.