5: ASSESSING RISK VARIABLES: THE RISK ASSESSMENT PROCESS
INTRODUCTION
The nature of IT security has evolved rapidly in the relatively short life span of computer technology. Initially, security analysts and IT managers assumed they could simply eliminate security vulnerabilities in their computer and telecommunication systems and eliminate any chance of either intentional or unintentional exploitation of their information resources. This approach is more popularly known as risk avoidance. The risk avoidance strategy is a rather simplistic perspective that requires all vulnerabilities to be eliminated when they are identified. In theory, a risk avoidance approach would appear both logical and necessary to eliminate all potential risks to the ...
Get Assessing and Managing Security Risk in IT Systems now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.