Abstract: This chapter provides an overview of the important factors related to risk management and information security. The Information Security Governance and Risk Management domain focuses on risk analysis and mitigation. It also details security governance, the organizational structure required for a successful information security program, which ensures that an organization has the correct information structure, leadership, and guidance. Risk Analysis (RA) helps to ensure that an organization properly identifies, analyzes, and mitigates risk. All three of these qualities—information security governance, ethics, and Risk Analysis—are crucial for the success of an organization. The value or criticality of an asset dictates the safeguards that are deployed to protect it. The Risk Analysis Matrix uses a quadrant to map the likelihood of a risk occurring against the consequences (or impact) the risk would have. The resulting risk scores are Low (L), Medium (M), High (H), and Extreme (E). Low risks are handled via normal processes; medium risks require management notification; high risks require senior management notification; and extreme risks require immediate action, including a detailed mitigation plan (and senior management notification). The Annualized Loss Expectancy (ALE) calculation allows determination of the annual cost of a loss due to a given risk. Once calculated, ALE supports informed decisions about how to mitigate that risk. This chapter further discusses the procedures to assess risk and mitigate it efficiently.
Publication Year: 2010
Publication Date: 2010-11-12
Language: en
Type: book-chapter
Indexed In: crossref