by
Hussein Bahgat , Information Security manager , Standard Chartered Bank –
If you do a regular review and do a compartive analysis on how critical risks were reduced then this is effective , if they lay around in some drawer then your process is broken.