RISK MANAGEMENT IS an important information security tool. The risk management process helps an organization understand the risks, vulnerabilities, and threats that it faces each day. It helps the organization understand its security posture. It also helps the organization know where to strengthen that posture. An organization cannot meet its information security goals if it does not understand its risks. It may not be able to properly protect its resources and data.
This chapter focuses on information technology (IT) risk management. It reviews fundamental risk concepts and how they are applied. It explains how organizations use risk management to help them create their other contingency plans.
Chapter 14 Topics
This chapter covers the following topics and concepts:
Chapter 14 Goals
When you complete this chapter, you will be able to: