Security Programs: Risk Assessment and Management
THIS CHAPTER, SOMEWHAT LIKE THE LAST ONE, will serve as a good resource for any organizational member who is (or who might be) involved in security assessments and audits, as well as in risk management programs. In the last chapter, we introduced many regulations that require organizations to implement a risk assessment–based approach to their information system security. In an effort to meet this “due care” standard, many organizations are turning to best practices and control frameworks. Although the goal is to assist organizations with appropriate information technology (IT) governance, the increasing number of frameworks and best practices can add complexity and confusion to ...

Get Information Security for Managers now with O’Reilly online learning.