2 INFORMATION RISK
Information assurance is almost entirely about the management of risk. The concepts of confidentiality, integrity and availability already covered in Chapter 1 are merely areas of risk that must be addressed in an information systems environment. In this section of the book, we will examine the component parts of risk – threats, impacts and vulnerabilities. When combined with the likelihood or probability that the threat will be carried out, these constitute the risk. We will also introduce the basic terminology of risk and discuss the potential threats to, and vulnerabilities of, information systems, and the processes for understanding and managing the risk relating to them. This chapter covers about 10 per cent of the CISMP ...
Get Information Security Management Principles - Second edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.