Security Incident Management should feed into Risk Management

The problem many security organizations meet is when providing numbers that are based on guess work, and not real numbers, makes senior management less interested in investing time discussing the matter of setting aside resources to address something that could, potentially, be a real risk for the organization. A reason for this could be that …