What Makes Information Security Risk Management Different?

by Audrey J. Dorofee

All risk management concerns the identification, analysis, mitigation, and monitoring of risks. Corporate risk management processes and plans can be focused on individual projects or on specific functions, such as financial risk. Project risk management processes are built on a fairly well-defined, narrow set of risk sources and potential mitigation actions, such as software development risk [1], [2]. Information security risk management is built upon a broad, unbounded foundation of unknown size and complexity [3], leaving managers with the unwelcome task of trying to predict the outside world. This form of risk management is concerned with protecting the critical information-based assets that enable an organization to succeed. The focus is on the entire organization -- all of its projects and business units. These assets could be product designs, customer information, the information technology infrastructure, or personnel records. This article will look at a few of the unique aspects of managing the security risks to information assets.

This document is available to Cutter Consortium Resource Center clients only.
What Makes Information Security Risk Management Different? December 2002
