IT Risk Management
IT risk management can be considered a component of a wider enterprise risk management system.
The establishment, maintenance and continuous update of an information security management system (ISMS) provide a strong indication that a company is using a systematic approach to the identification, assessment and management of information security risks.
Different methodologies have been proposed to manage IT risks, each of them divided into processes and steps.
The CISA Review Manual 2006 provides the following definition of risk management: "Risk management is the process of identifying vulnerabilities and threats to the information resources used by an organization in achieving business objectives, and deciding what countermeasures, if any, to take in reducing risk to an acceptable level, based on the value of the information resource to the organization."