Introduction

Information is an asset, like other important business assets. It is now exposed to a growing number and a wide variety of threats and vulnerabilities, and businesses are exposed to many kinds of information risk that inflict varied damage and result in significant losses. "Security is like oxygen; when you have it, you take it for granted, but when you don't, getting it becomes the immediate and pressing priority." (Joseph Nye, Harvard University)
Definition of Terms

Risk: The combination of the probability of an event and its consequence.
Risk assessment: The process by which risks are identified and the impact of those risks determined.
Risk management: The process of determining an acceptable level of risk, assessing the current level of risk, taking steps to reduce risk to the acceptable level, and maintaining that level of risk.
Threat: A potential cause of an unwanted impact to a system or organization.
Vulnerability: Any weakness, administrative process, act, or physical exposure that makes an information asset susceptible to exploitation by a threat.