IT Risk - IT Risk Management

IT Risk Management

IT risk management can be considered a component of a wider enterprise risk management system.

The establishment, maintenance and continuous updating of an information security management system (ISMS) provide a strong indication that a company is using a systematic approach to the identification, assessment and management of information security risks.

Different methodologies have been proposed to manage IT risks, each of them divided into processes and steps.

The CISA Review Manual 2006 provides the following definition of risk management: "Risk management is the process of identifying vulnerabilities and threats to the information resources used by an organization in achieving business objectives, and deciding what countermeasures, if any, to take in reducing risk to an acceptable level, based on the value of the information resource to the organization."

