Appendix C: Framework for Information Risk Management

The framework for information risk management (Figure C.1) is based on the IT Security Standards Framework (SPRING Singapore 2001) that I co-developed in 2001 as a structure supporting or containing the key areas that required identification and assessment as part of the security requirements definitions before designing the security plan (Princeton University 2003).

In accordance with the definition of framework provided in the American Heritage Dictionary, an information security framework in essence encapsulates “a set of assumptions, concepts, values, and practices that constitutes a way of viewing reality” in relation to the information security of an organization. Our framework incorporates ...

Get Responsive Security now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.