Good risk management fosters vigilance in times of calm and instills discipline in times of crisis.
Dr Michael Ong, Executive Director, Center for Financial Markets
This chapter is about the heart of any Information Security Management System (ISMS): the risk management methodology. The methodology used to identify, analyze, evaluate and treat risks is foundational to any ISMS, and sets the stage for identifying and appropriately protecting the organization’s assets.
Before we begin, what would you say is the definition of risk? Most security professionals would quote something like this:
1 Risk is the impact to an asset considering the probability that a particular threat will exploit a particular information system vulnerability. ...