Risks are the combination of vulnerabilities that may be exploited by threats together with the potential impact on the asset. In information assurance, risks exist when the result of the previous relationship is positive. Risk management refers to the application of a method that consists of policies, procedures, and practices used to identify these risk events. The objective is to identify, analyze, treat, evaluate, and continue to improve the way the organization manages its risk profile. In short, risk management is a means to identify, manage, and control risk.
- Chapter 11 Information Assurance Risk Management
- from Information Assurance Handbook: Effective Computer Security and Risk Management Strategies
- Publisher: McGraw-Hill Osborne Media
- Released: September 2014