14.2. A Framework for Managing Information Security Risks
Information security risk management is the ongoing process of identifying and addressing information security risks. This section explores the details of a structured approach for managing risks. Figure 14-4 illustrates the operations required by the information security risk management framework as well as the major tasks completed during each operation. This type of framework is common to risk management approaches in many domains, including information security [GAO 98].