Tactical Risk

As strategy is broad brush so tactical is a more detailed approach to the management of information risks. A tactical approach to information risks will address the individual areas of risk that have been identified by the Business Impact Assessment and refine the findings either by using a risk assessment tool or by implementing baseline security controls. This is normally executed via the development of a risk framework within which individual control domains can be addressed.

Risk management controls need to be implemented within an overall process that ensures both comprehensiveness and completeness. MWR InfoSecurity will encourage organisations to do this by establishing a control framework for the risk area, within which individual controls may be implemented and managed. Such a control framework would be both discrete and reactive, in that it would be able to protect the information concerned appropriately, without being affected by changes to other control regimes. However, the controls should be capable of change if the environment that mandated them changes also.

Along with each control domain there will need to be a set of management tools so that the domains and their attendant controls can be managed in a formal and repeatable manner. This required a set of policies, processes, standards and procedures to ensure that the controls framework is formerly governed.

A tactical control domain could be an area such as contingency planning. This control domain would interface with a number of domains but principally with Business survival and disaster recovery.

Threat analysis is an example of a control definition tool that will span both tactical and operational security boundaries.

For further detail on relevant services, please click here.