Chapter 34

Risk Management

Sokratis K. Katsikas, University of Piraeus, Piraeus, Greece

Abstract

In this chapter, the selection and specification of security controls for an information system are accomplished as part of an organization-wide information security program that involves the management of organizational risk: that is, the risk to the organization or to individuals associated with the operation of an information system. The management of organizational risk is a key element in the organization's information security program and provides an effective framework for selecting the appropriate security controls for an information system: the security controls necessary to protect individuals and the operations and assets of the organization. ...

From Computer and Information Security Handbook, 3rd Edition.