RISK MANAGEMENT IS AN IMPORTANT information security tool. The risk management process helps an organization understand the risks, vulnerabilities, and threats that it faces each day. It helps it understand its security posture. It also helps the organization know where to strengthen that posture. An organization can't meet its information security goals if it doesn't understand its risks. It may not be able to properly protect its resources and data.

This chapter focuses on information technology risk management. It reviews fundamental risk concepts and how they're applied. It explains how organizations use risk management to help them create their other contingency plans. ...