Gov.uk, the website of the UK Government’s Digital Service that merges the websites of all UK Government Departments and many other agencies and public bodies, has posted a draft guidance document on risk management of cyber security in technology projects.
Based on user interviews and more than ninety user stories, they found it essential to let the key members of an IT project (such as senior capability owners and technical practitioners) create a culture and environment in which their risk management activities can flourish.
Below are Gov.uk’s eight fundamental principles of an effective approach to risk management:
– Accept there will always be uncertainty
– Make everyone part of your delivery team
– Ensure the business understands the risks it is taking
– Trust competent people to make decisions
– Security is part of every technology decision
– User experience should be fantastic – security should be good enough
– Demonstrate why you made the decisions – and no more
– Understand that decisions affect each other