Practical Methods for Information Security Risk Management


Bibliographic Details
Main Author: Cristian AMANCEI
Format: Article
Language: English
Published: Inforec Association 2011-01-01
Series: Informatică economică
Subjects:
Online Access: http://www.revistaie.ase.ro/content/57/13%20-%20Amancei.pdf
Description
Summary: The purpose of this paper is to present some directions for performing risk management for information security. The article follows two practical methods: a questionnaire that assesses internal control, and an evaluation based on existing controls as part of vulnerability assessment. The methods presented contain all the key elements that contribute to risk management: the elements proposed for the evaluation questionnaire, the list of threats, resource classification and evaluation, the correlation between risks and controls, and residual risk computation.
ISSN: 1453-1305, 1842-8088