Talk With an Expert

Security Program Management and Risk

Security Program Management and Risk (PDF, 1.61MB)Published: 02 Jun, 2003
Created by
Archie Andrews

Information security should be managed as a program that requires the same degree of attention and responsibility as other resourced programs within an organization. This paper argues for building a security management program on a foundation of business risk assessment and risk management. It defines and explains risk, risk assessment, risk management and relates business risk management to security risk management. A synopsis of the steps in risk management and guidance on the key components for effectively implementing a security risk management program into an enterprise is provided. The reader should have a fuller understanding of the best practices associated with risk assessment and risk management and be able to use risk analysis to communicate with business process owners in terms of the risks to confidentiality, integrity, and availability in their areas of concern.