Risk Management and Information Security

Risk management is a central focus of information security. Every action an organization takes—or fails to take—involves some degree of risk. Attention to risk management can mean the difference between a successful business and a failing one. That does not mean every risk is eliminated. Instead, organizations should seek a balance between the utility and cost of various risk management options. Different organizations have different risk tolerances. For example, an established hospital seeks to limit risk to the highest degree possible, whereas a new startup business with only a handful of employees may be more willing to take on risks that may result in attractive financial returns.

As a security ...

Get Fundamentals of Information Systems Security, 4th Edition now with the O’Reilly learning platform.