Information in this chapter:
• Fundamentals of Risk Management
• Enterprise Risk Management and the Risk Management Framework
• Risk Management as an Input to Decision Making
• Managing Risk Associated with Information and Information Systems
• Performing Risk Assessments on Information Systems
The Federal Information Security Management Act defines information security as “the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction” in order to safeguard their confidentiality, integrity, and availability . No organization can provide perfect information security that fully assures the protection of information and information ...