A Practical Approach to Managing Information System Risk

Description: The purpose of this paper is to provide security managers with a working understanding of risk management as it applies to information systems. The processes and tools included assume that organization- and enterprise-level controls are already functioning, and implementation of the target system is taking place within this existing security context. I begin by exploring the challenges facing security managers every day when trying to balance security with the needs of business managers to maintain and improve operational effectiveness. I then define risk management and provide an overview of how to strategically approach the application of reasonable and appropriate safeguards. Finally, I provide a model and related tools for conducting a risk assessment, selecting the right controls, obtaining approval for implementation, and managing risk throughout the target system's lifetime.