Risk Management in Information Security

by Jack Webb
Oct. 2, 2017 1 comment Infosecwriters Management

Protecting assets and valuable data is the goal of information security. Initiating the necessary measures requires considering many areas of information security management, one of which is risk management. Under risk management, management must identify the different types of risk, whether negative or positive. This allows management to assess each risk and prioritize it against a predetermined guideline that assists in implementation or possible corrective actions. Based on these assessments, management can determine which measures to put in place to prevent, or at least mitigate, possible consequences. There are predetermined steps and principles that assist management in drafting tailored risk management policies, including well-established risk management guidelines that are meant to set standards within information security management.

http://www.infosecwriters.com/Papers/JWebb_Risk_Mgmt.pdf

Irina Alexandra Negrii 1 month ago

Well-established risk management guidelines are mandatory for a healthy business. We don't want surprises.
