Information Security A Practical Guide: Bridging the Gap between IT and Management by Tom Mooney

CHAPTER 3: BUSINESS RISK APPETITE

Chapter Overview

The business’ risk appetite is perhaps the most important thing to know when working to secure a system. When I began my career in security I understood how to secure a system; I had a wealth of knowledge, tools and techniques for protecting different systems. What I did not understand at that stage, however, was how to know which controls to implement and how secure each system should be. What I did not understand was the risk appetite, which is (as defined by ISO 31000) how much risk the business is willing to accept in trying to achieve its goals. Of course, it’s not simply a case of saying “I’m this hungry for risk”; we need to understand how to define that hunger and then apply it. Risk appetite ...