There is time between those risk management milestones.   During that time, risk is in limbo.   During that limbo, it’s the CISO that owns the risk.  Orchestrating the transfer of risk to the appropriate risk owner is one of the most under appreciated things that a CISO does. Here’s a hypothetical example: let’s say that there … Continue reading →