Information Security: IT Risk Management

ITC 596 - IT Risk Management Professor: Michael Baron

Table of Contents
1. Information security is information risk management
2. Information security risk assessment: qualitative versus quantitative
3. Perception of risk
References

1. Information security is information risk management

Current information security technology appears insufficient to deal with all of an organization's ICT risks. Bob Blakley, Ellen McDermott and Dan Geer argue that the security technology available today does not reduce risk very effectively (Blakley, McDermott, & Geer, 2002), and that organizations need to revamp their approach if they want to deal with the problem. Information security is essential because the technology used to process data and generate information itself creates risk.
From a business organization's point of view, a risk is an event with a probability of occurring between zero and one; if the event occurs, the effect is a diminution of business value by some amount. As Blakley et al. put it, the cost of risk is measurable as Annualized Loss Expectation (ALE): the expected cumulative cost of risk over a period of one year, estimated in advance. Business organizations manage risk through mechanisms such as liability transfer, indemnification, mitigation, and retention. Once the information risk is sufficiently known,
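The following worked example is added here to make the ALE definition and the four risk-management mechanisms concrete; it is not code from Blakley, McDermott and Geer or from the course. It models a risk exactly as the paragraph describes it (a probability of occurrence between zero and one, and a loss of business value if it occurs), sums expected annual losses into an ALE, and then compares retention, mitigation and transfer by how much ALE each removes per unit of annual cost. The portfolio of risks, the costs and the treatment effects are constructed figures for illustration, not data from any source.

```python
"""ALE worked example (added illustration, not from the cited paper).

A risk is an event with an annual probability (0..1) and a loss of
business value if it occurs.  ALE is the expected cumulative cost of
all such events over one year.  All numbers below are constructed.
"""
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Risk:
    name: str
    annual_probability: float  # probability of the event occurring within one year
    loss: float                # diminution of business value if it does occur

    def expected_annual_loss(self) -> float:
        return self.annual_probability * self.loss


def ale(risks) -> float:
    """Annualized Loss Expectation: sum of expected annual losses over all risks."""
    return sum(r.expected_annual_loss() for r in risks)


# --- the risk-management mechanisms named in the text -----------------------

def retain(risk: Risk) -> Risk:
    """Retention: accept the risk unchanged."""
    return risk


def mitigate(risk: Risk, probability_factor: float = 1.0, loss_factor: float = 1.0) -> Risk:
    """Mitigation: a control that lowers probability, impact, or both."""
    return replace(risk,
                   annual_probability=risk.annual_probability * probability_factor,
                   loss=risk.loss * loss_factor)


def transfer(risk: Risk, covered_fraction: float) -> Risk:
    """Liability transfer / indemnification (e.g. insurance): the organization
    keeps only the uncovered share of the loss; the probability is unchanged."""
    return replace(risk, loss=risk.loss * (1.0 - covered_fraction))


def net_benefit(before, after, annual_cost: float) -> float:
    """ALE reduction bought by a treatment, minus what the treatment costs per year."""
    return ale(before) - ale(after) - annual_cost


# --- constructed risk portfolio (hypothetical figures) ----------------------
PORTFOLIO = [
    Risk("ransomware on file servers", 0.10, 500_000),
    Risk("lost or stolen laptop",      0.50,  20_000),
    Risk("web application breach",     0.05, 1_000_000),
]


def treat(portfolio, target_name: str, mechanism, **kwargs):
    """Apply one mechanism to the named risk, leaving the others untouched."""
    return [mechanism(r, **kwargs) if r.name == target_name else r for r in portfolio]


def evaluate_options(portfolio=PORTFOLIO) -> dict:
    """Net annual benefit of each candidate treatment (hypothetical costs/effects)."""
    options = {
        "retain everything":
            (portfolio, 0.0),
        "mitigate ransomware (backups + EDR)":
            (treat(portfolio, "ransomware on file servers", mitigate,
                   probability_factor=0.5, loss_factor=0.4), 30_000),
        "mitigate laptop loss (full-disk encryption)":
            (treat(portfolio, "lost or stolen laptop", mitigate, loss_factor=0.1), 5_000),
        "transfer web breach (cyber insurance, 80% cover)":
            (treat(portfolio, "web application breach", transfer, covered_fraction=0.8), 20_000),
    }
    return {name: net_benefit(portfolio, after, cost) for name, (after, cost) in options.items()}


def best_option(portfolio=PORTFOLIO) -> str:
    """The treatment with the largest net benefit for this portfolio."""
    scores = evaluate_options(portfolio)
    return max(scores, key=scores.get)


if __name__ == "__main__":
    print(f"ALE before treatment: {ale(PORTFOLIO):,.0f}")
    for name, benefit in evaluate_options().items():
        print(f"{name:50s} net benefit {benefit:>10,.0f}")
    print("best option:", best_option())
```

The comparison is only as good as the probability and loss estimates that feed it, and ALE is an expectation: a low-probability, high-loss event contributes little to ALE but can still exceed what the organization could absorb in the year it occurs, which is why retention of such a risk deserves a separate look at the single-event loss and not just the annualized figure.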
