I am on fire! I mean I have been cruising through one professional development course after the other. Psyched about having made it into the NSW TAFE Business Administration Skills course with a job trainer scholarship. Having completed the ‘Certified Information Security Manager Prep’ course offered by Charles Sturt University, I have begun to think about everything in terms of project management, risk management and information security. RIMPA has had its share of influence on my thoughts too, as I have participated in about 18 of the 20 courses offered by the association, a few of which were about project management, information management, risk management, change management, data management and information security.
Being a person with a literary bent of mind, attuned to Shakespeare, Wordsworth, Milton, Charles Lamb, Thomas Hardy etc., it was not difficult for me to comprehend concepts such as information security governance, risk management, information security programs and strategies, and information security incident management, as they had been delivered through an analogy by the wise instructor. I was asked to picture a castle with strong walls and a few entry points guarded by security staff who strictly monitored who came in and went out. He then asked us to substitute the ‘who’ with what information came in and went out. If the ruler insisted on enhanced protection, then the only options left were thicker walls and additional security guards, while the ruler and his family remained protected and safe inside the castle. In other words, with a good information security program and incident response plan, the information would be protected inside the organization and be safe from hacker attacks and other cybersecurity threats.
Until I enrolled in the CISM PREP course, vulnerabilities and threat scenarios had more to do with real-life situations than with risk management for information management. I was introduced to several international standards such as ISO/IEC 27005 (risk management and risk assessment), NIST SP 800-39, COBIT 5 (ISACA IT governance), RIMS (Risk Maturity Model), FRAP (Facilitated Risk Assessment Process) etc. Besides medical and other emergency treatments, I am now well versed in risk treatments (avoid, transfer, mitigate, accept and ignore) and in inherent and residual risks. I had heard of registers maintained for a variety of purposes, but now I am familiar with risk registers and information asset registers.
Life is a mega project with many unpredictable situations and unimaginable risks, just as the different stages of a project require change management. I wondered if risks would be minimized if we had risk frameworks, risk management strategies and risk treatments for humans and their relationships. I wondered if incident response management, an incident response plan and insurance would have helped us to identify gaps, document events and risks, gather evidence, establish procedures and prepare ourselves better for future disasters through simulation tests. Don’t you think life management done well could change the fortunes of many men and women?