2 INFORMATION RISK
Information assurance is almost entirely about the management of risk. The concepts of confidentiality, integrity and availability covered in Chapter 1 are merely areas of risk that must be addressed in an information system’s environment. This chapter of the book will examine the component parts of risk – threats, vulnerabilities and impact, and combining threats with the likelihood or probability that the threat will be carried out, the resulting risk. It introduces the basic terminology of risk and discusses the potential threats to, and vulnerabilities of, information systems and the processes for understanding and managing risk relating to information systems.
THREATS TO, AND VULNERABILITIES OF, INFORMATION SYSTEMS ...
Get Information Security Management Principles, 3rd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
