IT Risk - IT Risk Management

IT Risk Management

IT risk management can be considered a component of a wider enterprise risk management system.

The establishment, maintenance and continuous update of an ISMS provide a strong indication that a company is using a systematic approach for the identification, assessment and management of information security risks.

Different methodologies have been proposed to manage IT risks, each of them divided into processes and steps.

The CISA Review Manual 2006 provides the following definition of risk management: "Risk management is the process of identifying vulnerabilities and threats to the information resources used by an organization in achieving business objectives, and deciding what countermeasures, if any, to take in reducing risk to an acceptable level, based on the value of the information resource to the organization."
