Introduction to Information Security and Risk Management
Risk management is a process of determining the vulnerabilities that are present in an organization’s information system. It is done by taking carefully planned out steps to assure confidentiality, availability and integrity of all the components inside the organization’s information system (Whitman & Mattord, 2003). Managing risks is not an easy task with limited resources and the changing landscape of threats and vulnerabilities in the system. This makes mitigating all the risks impossible that is why it is important that professionals must have the right tools to help them to be consistent in managing the uncertainties present in ...