What Are the Three Primary Aspects of Information Security Risk Management & Why Is Each Important?

Organizations try to manage the security risk posed by widespread access to information.

Information risk management is made up of assessing the risk, mitigating possible risk and monitoring the result. Assessing the risk involves defining the nature of the risk to information security and determining how information system security can fail. This leads directly to mitigation through upgrading systems so that the identified failures become unlikely. Finally, risk management includes monitoring the results of the interventions to see if they resulted in the desired mitigation.

Print this article

Basics
- An organizational unit must ensure that it has the capabilities to accomplish its mission. It must identify risks that threaten those capabilities, and evaluate protective measures, keeping in mind the economic cost of those measures. One risk that most modern organizations face is compromised information security. An organizational unit must identify where compromised information security would affect its capabilities to accomplish its mission, and take appropriate corrective measures within its established budgetary framework.
Assessment
- Once an organizational unit has concluded that information security poses a risk to its capabilities, it must assess its systems, operations, procedures and external interactions to find out where the risks lie. This means identifying possible threats, vulnerabilities to those threats, possible countermeasures, impact and likelihood. Risks can be classified as to severity depending on impact and likelihood. The importance of assessment is that it allows the identification of high risks that must be mitigated.
Mitigation
- Mitigation means dealing with the risk that was identified by the assessment. Strategies for dealing with the risk include accepting the risk, adopting measures which will lower the risk, avoiding the risk by eliminating the cause, limiting the risk by putting in place controls, or transferring the risk to a supplier, customer or insurance company. Which strategy is appropriate is determined by the extent to which the risk impairs the ability of the organization to fulfill its mission, and the cost of implementing the strategy. Structured mitigation is important as a framework for risk management.
Evaluation and Monitoring
- Once assessment and mitigation have been completed, the organizational unit must evaluate the result and monitor progress. This process starts with an evaluation of the effects of the assessment and mitigation, including the setting of benchmarks for progress. It continues with the evaluation of the effect of changes and additions to information systems. Finally, it performs continuous monitoring of information security performance, with the aim of identifying areas which may have to be assessed for additional risk. Evaluation and monitoring is important for determining how successfully the organizational unit has managed its information security risk.

Photo Credit Ryan McVay/Photodisc/Getty Images

Comments

Primary Functions of Management
Primary Functions of Management. Every organization requires a strong management team to achieve success. Managers provide leadership and guidance to employees, and...
How to Choose Security Lighting
Home security consists of home monitoring systems and quality door locks and windows. It also consists of quality outdoor security lighting. Security...
The Three Primary Types of Volcanoes
Volcanoes -- openings in the earth's crust that allow magma and subterranean gas to reach the surface -- are found throughout the...
The Importance of the Information Security Policy in the Local Government
Information security policies are essential for all levels of government. Local governments are responsible for protecting not only citizens' information, but the...
Why Is Strategic Planning Important to an Organization?
Strategic planning within an organization provides the "how" to the organizational goal question: "What are we trying to accomplish?" The nature of...
The Primary Purpose of Perimeter Security
A perimeter is the boundary that separates your assets from the outside world. The purpose of perimeter security is to deter, detect,...
The Impact of a Management Information System
Since businesses have existed, managers have needed to obtain, organize and analyze information. The means by which managers handle business data to...
Guidelines for the Security of Information Systems & Networks
The amended IEEE 802.11i specification introduces the Robust Security Network to improve the standard for wireless local area networks. An RSN includes...
The Security Vulnerability Assessment for Information Technology
Information technology officers conduct security vulnerability assessments to find specific holes or vulnerabilities in computer and network systems. Penetration ...
The Security Vulnerability Assessment Tools
Security vulnerability assessment tools are used to aid risk assessment efforts. With regard to computers and information security, vulnerability assessment tools ...
Security Risk Management Training
Computer security professionals and other information technology personnel constitute the primary audience for security risk management training workshops.
What Is the National Security Personnel System?
The Office of Personnel Management (the federal government's personnel arm) participated in the transition of the defense civilian personnel to the NSPS.
Information Systems Security Requirements
An organizational mission statement pertaining to IS security requirements outlines authority, accountability and responsibilities of senior or executive management ...
Why Is Environmental Monitoring Important?
Many activities generate pollution and other types of damage to the environment. Environmental monitoring is an important tool for determining the impacts...
Role of Information Technology in Primary School
Information technology has helped greatly the progress of education in the primary schools. For example, downloadable Internet research materials assist teachers in...
How to Assess Home Security Risk
Home network security is not something to be taken lightly. By analyzing your antivirus, firewall and file encryption, you can determine if...

What Are the Three Primary Aspects of Information Security Risk Management & Why Is Each Important?

Other People Are Reading

Basics

Assessment

Mitigation

Evaluation and Monitoring

References

More Like This

Comments

You May Also Like

Related Ads

10 Tips for Used Car Shopping

You May Like