Premium Content

Access "The real information security risk equation"

Published: 19 Oct 2012

Risk management is a fundamental requirement of information security. Without it, the safety of the information or system cannot be assured. In information security, risk is a variable that must be understood in order to best create cost-effective solutions to minimize negative risks with minimal impact to usability and cost. Risks are often uncertain, misunderstood, and can change based on circumstances. Risk management provides a way for you to understand and handle risks that are optimal for security, IT, and the business. It creates a common language to identify, assess, and understand potential threats and vulnerabilities while identifying means for mitigating, accepting, or avoiding the risk. However, one of the reasons we have difficulty in translating risks to our users is that many security practitioners maintain an unrealistic view of risk because we use an overly complex risk equation. It typically contains variables for threats, vulnerabilities, and mitigation. This isn't how people naturally think. Security guru Bruce Schneier described this ... Access >>>

Access TechTarget
Premium Content for Free.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

What's Inside


More Premium Content Accessible For Free