It is essential for Risk Management to become part of the organization’s culture. Therefore communicating and creating awareness of relative issues across the organization at each step of the Risk Management process are very important.
Communication should by all means involve an open discussion with all stakeholders with efforts focused on consultation and development of common understanding, rather than on a one way flow of information from the decision maker to the other stakeholders.
Risk Management can and will be enhanced by parties and individuals understand each other’s perspectives and who are consulted in a timely fashion, where appropriate. Stakeholders, like every human being, tend to make judgments about risk based on their perceptions. These can vary due to differences in values, needs, assumptions, concepts and concerns, as they relate to the risks or the issues under discussion. Since the views of stakeholders can have a significant impact on the decisions made, it is important that possible variations in their perceptions of risk be identified, recorded and addressed in the decision making process. In the long term, ENISA will contribute to the generation of qualitative criteria aiming at the creation of balanced estimations about assessed risks among various experts using various methods and tools.
External communication and consulting by specialized consultants, as well as exchange of information and cooperation with other organizations should also be planned and implemented on a regular basis. The exchange of this knowledge and experience can prove extremely helpful for addressing issues related to both the risks and the process to manage these risks, leading thus to a view on risks that is free from subjective estimations. Furthermore, involving external personnel in such activities contributes towards the renewal of available know-how and risk perception.
It is often the case that “established” practices lead to isolated or narrow observation of the status quo of the security. External personnel contribute in bringing in “fresh air” by means of additional viewpoints in the evaluation of risks.