This chapter has gone over the major topics that heavily influence decisions made by information security professionals: risk management and governance structures. When I introduced this, I said that it probably didn't sound like a barnburner, full of thrills and excitement, but I'm sure now that you're reading this summary, your view on the matter has changed slightly. I would say that with a bit of practice in mastering the basics found in this chapter, my promise to you that you will be a highly effective, well-oiled risk management machine in no time will come true.
In the next chapter, we'll be looking at protecting the security of assets, which is now a much more achievable task. You have an understanding of various core concepts, and we're going to proceed toward leveraging everything we have covered in this first chapter to create a more mature ISMS, as well as develop your skills further by focusing on effective processes to ensure you can identify and protect your organization's assets throughout their life cycle, avoiding some common pitfalls that information security professionals often run into.
Let's do this!