Risk Management in Information Security

Contributed by Jack Webb

Protecting assets and valuable data is the goal of information security. To initiate the necessary measures, many areas of information security management must be considered. One of these is risk management. Under risk management, management must identify the different types of risks, whether they are negative or positive. This allows management to assess each risk and then prioritize the risks based on a predetermined guideline that assists in implementation or possible corrective actions. Based on these assessments, management can determine which measures to put in place to prevent or at least mitigate possible consequences. There are predetermined steps and principles that assist management in drafting tailored risk management policies. These also include well-established risk management guidelines that are meant to set standards within information security management.

This document is in PDF format. To view it click here.
