Identification, Assessment, and Management of Risks in InfoSec

Contributed by David McDaniel

Since antiquity, humans have required the need to protect sensitive data. Whether for national security, financial, or a myriad of personal reasons, information security has been important. Threats of cipher-cracking, information theft, and physical damage have posed risks to this security. With the rise of the personal computer and the Internet, these issues have only been exacerbated, providing countless vectors through which information can be compromised. Due to this rise of risk in information technology, it is becoming increasingly important for an organization to practice thorough and methodical risk management for all information assets.  This term paper provides an analysis of designing and implementing a risk management strategy for an organization. Focus is placed upon the identification of risks, the analysis of risks, the management (or treatment) of risks, and the importance of recurring monitoring. Also included is a brief overview of several popular risk management strategies and methodologies which can be utilized individually or collectively as a framework for a risk management strategy.
This document is in PDF format. To view it click here.

Rate this article: 
No votes yet