IT Risk Management
IT risk management can be considered a component of a wider enterprise risk management system.
The establishment, maintenance and continuous update of an ISMS provide a strong indication that a company is using a systematic approach for the identification, assessment and management of information security risks.
Different methodologies have been proposed to manage IT risks, each of them divided in processes and steps.
The CISA Review Manual 2006 provides the following definition of risk management: "Risk management is the process of identifying vulnerabilities and threats to the information resources used by an organization in achieving business objectives, and deciding what countermeasures, if any, to take in reducing risk to an acceptable level, based on the value of the information resource to the organization."
Read more about this topic: IT Risk
Famous quotes containing the words risk and/or management:
“It’s a funny thing, the less people have to live for, the less nerve they have to risk losing—nothing.”
—Zora Neale Hurston (1891–1960)
“This we take it is the grand characteristic of our age. By our skill in Mechanism, it has come to pass, that in the management of external things we excel all other ages; while in whatever respects the pure moral nature, in true dignity of soul and character, we are perhaps inferior to most civilised ages.”
—Thomas Carlyle (1795–1881)