CHAPTER 1: RISKS AND CONTROLS
Before considering information risk, we need to understand the basic concepts of risk and how risks can be managed. This will put the management of specific IT risks into context and also improve our communication with other risk management professionals. Following financial and other business scandals and crises, there has been an increased focus on risk – a whole industry has been created around the Sarbanes-Oxley Act, which affects US-based companies. Risk has also become an area of interest for academics and standard setters.
In this chapter we will consider:
• What is risk?
• Management of risk
Risk awareness and ...