ABSTRACT

Risk management responsibilities are usually split among a number of organizational entities, with the consequence that the biggest risk may well be a lack of continuity and integration between these efforts. The fact that all parts of any organization are required to operate in some fashion related to managing risk further complicates the problem. While many of these risk management concerns may be the responsibility of an organizational risk manager, many will also have a direct impact on information security. These include most elements of physical security, including how every user of information systems behaves, how physical information is handled, how laptops and other portable devices storing information are managed, and how access to facilities is controlled, to mention a few.