Security Risks vs Operational Risks

[Colin Abbott <colin.abbott () MCGILL CA>]

Hello,

   As part of building our ISMS we are currently defining our processes for Risk management. We have been asked to 
expand the process outside of security and also address how security impacts operational activities. We are being asked 
to do this mainly because often even when there is a security vulnerability that is rated as critical operation teams 
don't immediately want to address it due to lack of resources, competing projects, testing effort, production 
instability. We are trying to build a framework that helps operations managers reduce their operation risks and guide 
them to make decisions.

Has anyone already defined a framework to assess security risks against operational risks?

Thanks
Colin
[cid:image001.png@01D1760C.2CCD4430]Colin Abbott, Associate of (ISC)2 working towards CISSP  | IT Security Architect  | 
McGill University | Network and Communication Services | '514-398-5070