IT Risk - IT Risk Management

IT Risk Management

IT risk management can be considered a component of a wider enterprise risk management system.

The establishment, maintenance and continuous update of an ISMS provide a strong indication that a company is using a systematic approach for the identification, assessment and management of information security risks.

Different methodologies have been proposed to manage IT risks, each of them divided in processes and steps.

The CISA Review Manual 2006 provides the following definition of risk management: "Risk management is the process of identifying vulnerabilities and threats to the information resources used by an organization in achieving business objectives, and deciding what countermeasures, if any, to take in reducing risk to an acceptable level, based on the value of the information resource to the organization."


Read more about this topic:  IT Risk

Famous quotes containing the words risk and/or management:

    Combining paid employment with marriage and motherhood creates safeguards for emotional well-being. Nothing is certain in life, but generally the chances of happiness are greater if one has multiple areas of interest and involvement. To juggle is to diminish the risk of depression, anxiety, and unhappiness.
    Faye J. Crosby (20th century)

    The management of fertility is one of the most important functions of adulthood.
    Germaine Greer (b. 1939)