With its emphasis on structure, transparency, comprehensiveness, certainty and adaptability, risk management is an ideal model for cybersecurity programs. Core risk management principles are directly applicable to InfoSec programs: creating value, being an integral part of the organizational and decision-making process, being systematic, processing accurate and extensive information, and continuously monitoring and improving.
Why risk is an ideal strategic driver and tactical measure for cybersecurity planning & management
How vulnerability management benefits from a risk-centric approach
The model for creating a risk-centric vulnerability management program
A blueprint for creating risk-centric cybersecurity management programs