
An Introduction to Information System Risk Management

An Introduction to Information System Risk Management (PDF, 1.72MB)
Published: 06 Jun, 2006
Created by
Steve Elky

An understanding of risk and the application of risk assessment methodology are essential to creating a secure computing environment efficiently and effectively. Unfortunately, this remains a challenging area for information professionals because of the rate of change in technology, the relatively recent advent and explosive growth of the Internet, and perhaps the prevalent attitude (or reality) that assessing risk and identifying return on investment is simply too hard to do. As a result, information systems and information systems security have been left in the undesirable position of being unable to systematically identify and monetarily quantify security risks, which in turn has led to inconsistent and inappropriate application of security solutions and to either excessive or insufficient funding for them. This paper therefore addresses risk with respect to modern information systems and seeks to answer the following questions:
1) What is risk with respect to information systems?
2) What are the key elements of information security risk?
3) Why is an understanding of risk important?
4) What are the key elements of a risk assessment?
5) What are some of the common risk assessment methodologies?
