Organizations face a wide range of challenges today, including ever-expanding risks to organizational assets, intellectual property, and customer data. Understanding and managing these risks are integral components of organizational success. The security practitioner is expected to participate in the organizational risk management process, assist in identifying risks to information systems, and develop and implement controls to mitigate identified risks. As a result, the security practitioner must have a firm understanding of risk, response, and recovery concepts and best practices.
The following topics are addressed in this chapter: