About half of internal audit’s key stakeholders do not believe that internal audit is either delivering the value it should or addressing the risks that matter
Ramblings on risk starting with John Pescatore and ending with comments from FAIR risk framework creator Jack Jones. This is a direct transcription of a discussion about risk management on LinkedIn started […]
There is no such thing as Information Security risk. There are just business risks that have one or more security or IT related causes.