Chapter 3

Thinking About Risk

Information in this chapter:

• Understanding Risk

• Trust, Assurance, and Security

• Risk Associated with Information Systems

• Risk Management Life Cycle

All organizations have some exposure to risk, defined as the potential for loss, damage, injury, or other undesirable outcome resulting from decisions, actions, or events affecting organizational operations. Risk exists because the future cannot be predicted with certainty; organizational plans or strategies regarding future events reflect assumptions, calculations, or estimates about what will occur, but there is always a chance that events will unfold differently than anticipated, potentially with results less favorable than those for which the organization planned. ...

Get FISMA and the Risk Management Framework now with the O’Reilly learning platform.
