2.2. Information Security Risk Management Principles

This section focuses on information security risk management principles. This is where we look at some of the philosophical underpinnings of an information security risk management approach. The principles shape the nature of risk management activities and provide the basis for the evaluation process. We group principles into the following three areas:

  1. Information Security Risk Evaluation Principles: key aspects that form the foundation of an effective information security risk evaluation

  2. Risk Management Principles:[1] basic principles common to effective risk management practices

    [1] These principles are similar in scope and intent to those documented in the Continuous Risk Management Guidebook ...
