Jun 22, 2012
Measuring Risk: A Security Pro’s Guide
With the ever-expanding use and application of IT systems, a compromised IT asset can have serious implications for your organization. IT professionals must determine the specific risks associated these systems and the impact a compromise would have on the business, and they must communicate this information to senior management in a clear, contextual, timely manner.
No easy task, indeed.
IT professionals must use a combination of technologies, processes, experience and insight to accurately measure risk and impact. It is important to include all stakeholders in the process and to ensure that everyone is using the same terms. Guiding the process should be the goals of information security: confidentiality, availability and integrity, as well as a high-level understanding of the scope of risk the organization can afford to take. (S4610312)