Abstract

This chapter gives an introduction to the role of risk management within the federal government and the evolution of federal information security risk management practices. An overview of the enterprise-wise risk management methodology focuses on the integration of risk management through a multitier risk management structure. In addition, the methodology is discussed as it applies in the context of the organizations supporting the federal government by examining each step of the risk management process across the organizational tiers. For comparison, federal and international risk management standards and guidelines are briefly examined with a focus on illustrating the similarities and differences.