CHAPTER 5: RISK MANAGEMENT

Good risk management fosters vigilance in times of calm and instills discipline in times of crisis.

Dr Michael Ong, Executive Director, Center for Financial Markets

This chapter is about the heart of any Information Security Management System (ISMS): the risk management methodology. The methodology used to identify, analyze, evaluate and treat risks is foundational to any ISMS, and it sets the stage for identifying and appropriately protecting the organization’s assets.

Before we begin, what would you say is the definition of risk? Most security professionals would quote something like this:

Risk is the impact to an asset considering the probability that a particular threat will exploit a particular information system vulnerability. ...
