Risk is a crucial element in all our lives. In every action we plan to take in our personal and professional lives, we need to analyze the risks associated with it. From a cyber security perspective, industries such as energy, healthcare, banking, insurance, and retail involve many risks that impede the adoption of technology and that need to be managed effectively. The risks that need to be addressed evolve quickly and must be handled within a short period of time.
Computing technology is not restricted to Mainframes and PCs anymore. Both simple and advanced devices are now part of our everyday lives, ranging from road signs to intelligent vending machines to advanced diagnosing medical services. Each of these new types of devices needs to be secured since they all have their own requirements regarding Confidentiality, Integrity, and Availability of the data or resources they provide.
Risk management involves comprehensive understanding, analysis and risk-mitigating techniques to ensure that organizations achieve their information security objectives. Risk is inherent in every aspect of information security decisions, and risk management concepts therefore help make each decision effective.
The major components of Security and Risk Management crucial for CISSP are:
- Information security within the organization / Security Model
- The triad of information security – Confidentiality, Integrity and Availability
- Security governance principles
- Business continuity requirements
- Policies, standards, procedures, and guidelines
- Risk management concepts
- Threat modeling
Goals of a Security Model
The two primary objectives of information security within the organization, from a risk management perspective, are:
- Have controls in place to support the mission of the organization.
- Base all decisions on the organization's risk tolerance, cost and benefit.
*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Infosec. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/YYltjhNCLnc/