14.2. A Framework for Managing Information Security Risks

Information security risk management is the ongoing process of identifying and addressing information security risks. This section explores the details of a structured approach for managing risks. Figure 14-4 illustrates the operations required by the information security risk management framework as well as the major tasks completed during each operation. This type of framework is common to risk management approaches in many domains, including information security [GAO 98].

Figure 14-4. Operations and Tasks of the Information Security Risk Management Framework

Assigning Responsibility
