A framework for the management of information security risks
Document Type: Journal Article
Publisher: Springer Science & Business Media
Faculty: Faculty of Computing, Health and Science
School: School of Computer and Information Science / Centre for Security Research
RAS ID: 4592
Abstract
This paper looks at the development of a framework for information security risk assessments within an organisation. A risk framework is a convenient and communicable tool that can be used to describe the principles and essential components of an organisation's security risk management process. The framework shows how significant risks can be identified, assessed and treated. It also explains the measures that can be taken to mitigate or ‘treat’ the organisation's risk exposure for the future. The risk framework provides a common language that can be used by all of the parties involved in the process, from the members of the board, through the security and audit staffs, to the end users of the systems, as a vehicle for communication and improved understanding. In addition, a risk framework provides a high-level outline of the way in which an organisation will implement information security risk management and defines the roles of the key participants in the process.
DOI: 10.1007/s10550-007-0005-9
Comments: Jones, A. (2007). A framework for the management of information security risks. BT Technology Journal, 25(1), 30-36.