The security risk management lifecycle framework

Andrew Briney Published: 02 Jun 2003

IT security risk management is best approached as a "lifecycle" of activities, one logically leading into the next. The most important thing to remember is that risk is evolutionary, which means these activities must be continuously repeated and refined. Here's a basic framework of critical steps.

Identify Assets

You can't secure an asset if you don't know it exists. The first step in risk management involves asset identification, classification and valuation. CISOs are the custodians of information, not the owners. Make sure you work with departmental and business unit leaders to determine an asset's value to the organization.

Assess Risk

Next comes the difficult part: assessing the overall risk to the asset. There are several formal methods for doing this, including qualitative and quantitative risk analysis. To assess an asset's risk, you have to evaluate three variables: the overall threat to the asset (both inside and outside the organization); its inherent and environmental vulnerability levels; and the cost of loss, downtime and recovery should it be ...
