Back in November 2014, we published an alpha set of principles on “Risk management of cyber security in technology projects”. You may have noticed that we recently issued a beta version following analysis of feedback and some further testing of our ideas with a broader range of users who help to deliver enterprise IT to government.
We were quietly pleased that our additional user requirements capture and analysis didn’t lead to a major re-write. Rather, we found we needed to fine-tune the principles to reflect the greater breadth of our understanding. For example, we spent quite a lot of time debating what we’d said about the use of jargon – sometimes using technical language is the right choice if you are communicating exclusively within the technical community.
We made other refinements, so take a look, see what you think and let us know. CESG will be saying more about managing risk at OFFICIAL for government over the next few weeks - watch this space for more information.