Appendix C: Framework for Information Risk Management

The framework for information risk management (Figure C.1) is based on the IT Security Standards Framework (SPRING Singapore 2001) that I co-developed in 2001 as a structure supporting or containing the key areas that required identification and assessment as part of the security requirements definitions before designing the security plan (Princeton University 2003).

In accordance with the definition of framework provided in the American Heritage Dictionary, an information security framework in essence encapsulates “a set of assumptions, concepts, values, and practices that constitutes a way of viewing reality” in relation to the information security of an organization. Our framework incorporates ...
