An important key to establishing any kind of security policy or regime is to assess and manage potential risks, and associated responses. Here, risk management fundamentals include
Understanding the true monetary value of information (and hence, associated risks).
Understanding how information security relates to potential business problems (an important aspect of risk management).
Understanding that the ramifications of an attack on computer systems or networks can include destruction or alteration of data, financial loss, misuse of resources, and damage to public confidence.
Understanding how to perform a risk assessment, as described in Step by Step ...