CHAPTER 5: RISK MANAGEMENT
“Good risk management fosters vigilance in times of calm and instills discipline in times of crisis.”
Dr. Michael Ong, Executive Director, Center for Financial Markets
This chapter is about the heart of any ISMS: the risk management methodology. The methodology used to identify, analyze, evaluate, and treat risks is foundational to any ISMS, and sets the stage for identifying and appropriately protecting the organization’s assets.
Before we begin, what would you say is the definition of risk? Most security professionals would quote something like this:
1. Risk is the impact to an asset considering the probability that a particular threat will exploit a particular information system vulnerability.
2. Risk is the potential ...
Source: The CISO Perspective (O’Reilly).