Chapter 13

Risk Management

Information in this chapter:

• Fundamentals of Risk Management

• Enterprise Risk Management and the Risk Management Framework

• Risk Management as an Input to Decision Making

• Managing Risk Associated with Information and Information Systems

• Performing Risk Assessments on Information Systems

Risk Management

The Federal Information Security Management Act defines information security as “the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction” in order to safeguard their confidentiality, integrity, and availability [1]. No organization can provide perfect information security that fully assures the protection of information and information ...
