Download now Free registration required
The mantra spinning around in the heads of most security managers affirms that managing security is about managing risk. Although they know this is the right approach, and they understand the importance of balance in designing and implementing security controls, many of them came up through the ranks of network engineering, programming, or some other technical discipline. While this helped to prepare for the technology side of their jobs, the skills necessary to assess and understand business risk arising from the use of information systems were not sufficiently developed. The purpose of this paper is to provide security managers with a working understanding of risk management as it applies to information systems.
- Format: PDF
- Size: 547.8 KB