Risk Management and Security Basics
Purpose of Information Security
- To provide security for organizational assets, commensurate with the value of the assets and the threats and vulnerabilities they face
- The "commensurate" statement: protection must be appropriate to the asset you are protecting, and risk must be reduced to a level that is acceptable to senior leadership
Information Security Risks should be reduced to a level which is acceptable to senior leadership
- Assets: something we value; it does not have to be tangible
- Threats: something which could pose harm to the asset
- Vulnerability: a weakness or lack of protection of the asset
- Control: implemented to mitigate risk
- Residual Risk: the amount of risk left over after implementing a control
Risk = Asset x Threat x Vulnerability
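An added worked example (not from the original notes) that applies the definitions above to a small risk register: inherent risk is scored as Asset x Threat x Vulnerability, a control reduces the vulnerability term, residual risk is what remains, and anything above the acceptance threshold is flagged for leadership. The 1-5 ordinal scales, the control reduction percentages, the threshold of 20 and the register entries are all constructed assumptions for illustration.

```python
from dataclasses import dataclass, field

ACCEPTABLE_RISK = 20  # hypothetical threshold agreed by senior leadership


@dataclass
class RiskItem:
    asset: str
    asset_value: int   # 1 (low) .. 5 (critical), value of the asset to us
    threat: int        # 1 .. 5, likelihood that something harms the asset
    vulnerability: int # 1 .. 5, how weak or unprotected the asset is
    # (control name, fraction of the vulnerability the control removes)
    controls: list = field(default_factory=list)

    def __post_init__(self):
        for name, score in (("asset_value", self.asset_value),
                            ("threat", self.threat),
                            ("vulnerability", self.vulnerability)):
            if not 1 <= score <= 5:
                raise ValueError(f"{name} must be 1..5, got {score}")

    def inherent_risk(self) -> int:
        """Risk before any control is applied: Asset x Threat x Vulnerability."""
        return self.asset_value * self.threat * self.vulnerability

    def residual_risk(self) -> float:
        """Risk left over after each control shrinks the vulnerability term."""
        remaining = float(self.vulnerability)
        for _name, reduction in self.controls:
            remaining *= 1.0 - reduction
        return self.asset_value * self.threat * remaining

    def acceptable(self, threshold: float = ACCEPTABLE_RISK) -> bool:
        return self.residual_risk() <= threshold


# Constructed sample register (hypothetical assets and scores).
REGISTER = [
    RiskItem("customer database", 5, 4, 4,
             [("encryption at rest", 0.5), ("monthly patching", 0.5)]),
    RiskItem("marketing website", 2, 5, 3, [("web application firewall", 0.5)]),
    RiskItem("legacy file server", 4, 3, 5),  # no controls in place
]


def unacceptable(items):
    """Items whose residual risk still exceeds the threshold, worst first."""
    over = [i for i in items if not i.acceptable()]
    return sorted(over, key=lambda i: i.residual_risk(), reverse=True)


if __name__ == "__main__":
    for item in REGISTER:
        print(f"{item.asset}: inherent={item.inherent_risk()} "
              f"residual={item.residual_risk():.1f} ok={item.acceptable()}")
```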