Pro+ Content/Information Security magazine

June 2003

The security risk management lifecycle framework

IT security risk management is best approached as a "lifecycle" of activities, one logically leading into the next. The most important thing to remember is that risk is evolutionary, which means these activities must be continuously repeated and refined. Here's a basic framework of critical steps.

Identify Assets

You can't secure an asset if you don't know it exists. The first step in risk management involves asset identification, classification and valuation. CISOs are the custodians of information, not the owners. Make sure you work with departmental and business unit leaders to determine an asset's value to the organization.

Assess Risk

Next comes the difficult part: assessing the overall risk to the asset. There are several formal methods for doing this, including qualitative and quantitative risk analysis. To assess an asset's risk, you have to evaluate three variables: the overall threat to the asset (both inside and outside the organization); its inherent and environmental vulnerability levels; and the cost of loss, ...

