Chapter 20. Risk Management, Security Compliance, and Audit Controls
Solutions in this chapter:
▪ Risk Analysis
▪ Creating an Information Systems Risk Program
▪ Risk Assessment
▪ Risk Summary
▪ Business Impact Analysis
▪ Defense in Depth
▪ Data Classification
Summary
Introduction
In this chapter we introduce the major methods used in risk measurement and audit. Risk assessment is fundamental to the security of any organization. It is essential in ensuring that controls and expenditure are fully commensurate with the risks to which the organization is exposed. First we define risk and other terms and then look at the methods used.
What is a Process?
Processes are the methods that we use to achieve our objectives. How are processes implemented within an organization? ...
Get The IT Regulatory and Standards Compliance Handbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.