Security Programs: Risk Assessment and Management |
CHAPTER5 |
THIS CHAPTER, SOMEWHAT LIKE THE LAST ONE, will serve as a good resource for any organizational member who is (or who might be) involved in security assessments and audits, as well as in risk management programs. In the last chapter, we introduced many regulations that require organizations to implement a risk assessment–based approach to their information system security. In an effort to meet this “due care” standard, many organizations are turning to best practices and control frameworks. Although the goal is to assist organizations with appropriate information technology (IT) governance, the increasing number of frameworks and best practices can add complexity and confusion to ...
Get Information Security for Managers now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.