Risk Management for IT Security
Rick Kazman and Daniel N. Port, University of Hawaii
David Klappholz, Stevens Institute of Technology
Quantitative versus Qualitative Approaches
Management of Information Security Standards
TCSEC, ITSEC, CTCPEC, Common Criteria, and ISO 15408
BS 7799, ISO 17799, and ISO TR 13335 (GMITS)
Strategic Risk Management Methods
Practical Strategic Risk Models
Multitechnique Strategic Methods
Strategic Decision-Making and Competing Risks
Balancing Competing Risks for Strategic Planning
Practical Risk Exposure Estimation
INTRODUCTION
According to Carr, Konda, Monarch, Ulrich, & Walker (1993), risks must be managed, and risk management must be part of any mature organization's overall management practices and management structure. They identify these primary activities for managing risk:
Identify: Risks must first be identified before they can be managed.
Analyze: Risks must be analyzed so that management can make prudent decisions about them.
Plan: For information about a risk to be turned into action, a detailed plan, outlining both present and potential future actions, ...
Get Handbook of Information Security: Threats, Vulnerabilities, Prevention, Detection, and Management, Volume 3 now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
