7.2 Risks and Management
Information systems are critical assets in most organizations, and protecting them is essential to corporate and governmental operations. Yet no system can be completely secured, and determined attackers can breach even the strongest defenses. Technology managers and security professionals must be prepared to define the level of risk that they are willing to accept, weighed against the costs of implementing preventative and corrective measures. Again, risk assessment is an ongoing process of identifying risks and threats, whereas risk management is the ongoing process of implementing measures according to the costs and benefits associated with risks and security countermeasures, as well as determining ...
Get Information Security Management, 2nd Edition now with the O’Reilly learning platform.