- If the goal of your information security programme is to manage risk, rather than reducing it, how do you demonstrate success?
- How can InfoSec leaders support their organisations in determining a clear risk appetite
- If you are managing risk well, is the additional cost to reduce risk necessary?