Environmental Metrics
Control Attributes
Maturity
Weight
Residual Risk
Summary
Introduction
Information security, as a subset of an organization's overall risk management strategy, is a focused
initiative to manage risk to information in any form. Risk management concepts, when applied to
information risk, are readily managed within the context of an information security management
system (ISMS). An ISMS is a process-based management approach and furnishes a framework to
administer risk management processes.
Robust risk management processes identify and quantify areas of information risk and allow
for development of a comprehensive and focused risk treatment plan.
A clearly defined risk assessment methodology is a mandatory component in legal or regulatory
compliance.