CHAPTER 1: RISKS AND CONTROLS
Overview
Before considering information risk, we need to understand the basic concepts of risks and how they can be managed. This will put the management of specific IT risks into context and also improve our communication with other risk management professionals. Following financial and other business scandals and crises, there has been an increased focus on risk – a whole industry has been created around the Sarbanes-Oxley Act, impacting US based companies. It has also become an area for academics and standard setters.
In this chapter we will consider:
• What is risk?
• Management of risk
Risk awareness and ...
Get Fundamentals of Information Risk Management Auditing: An introduction for managers and auditors now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.