Chapter 7
Information Technology
Risk Management
Nick Vellani
In this chapter...
Why Information Technology Security Is Important
Information Technology Risk Management
Asset Identification
Information Technology Risk Assessment
Information Technology System Characterization
Threat Assessment
Vulnerability Assessment
Control Evaluation
Likelihood Determination
Impact Analysis
Risk Determination
Control Recommendations
Results Documentation
Risk Mitigation: Options and Strategies
Control Implementation Methodology
Control Categories
Cost-Benefit Analysis
Residual Risk
Evaluation and Refinement
Why Information Technology Security Is Important
to Traditional Security Decision Makers
Most security decision makers have heard the term convergence but are con-
fused about its meaning and application. Convergence is defined as the process
of two entities coming together to a common point. For the purposes of risk
management, convergence is defined as the process of traditional risk man-
133

Get Strategic Security Management now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.