The first step in the risk management process is to acknowledge the reality of risk. Denial is a common tactic that substitutes deliberate ignorance for thoughtful planning.
Charles Tremper, American author on law and risk management
In this chapter, we shall review the underlying principle of cyber security – that of risk management. This chapter is not a detailed review of the subject; for that, see my previous book Information Risk Management: A practitioner’s guide,1 also published by BCS, The Chartered Institute for IT.
In Part I of this book, we looked at some of the impacts of cyber-attacks, the threats that can cause them and some of the possible motives behind an attack. Impacts ...