The Path from Information Security Risk Assessment to Compliance: Part 1: Assessing Security Risk in a Business Context

Abstract

Risk assessment allows us to put information security issues in the context of the business. As technical practitioners, often we talk about information security issues by referring to the components of risk a particular threat, a particular vulnerability. But it's really until we combine those into the variable of the risk equation and discuss the potential impact to the organization, only then can we bring it into the context of what's important to the organization and answer what I like to call the "so-what" test.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Jan 01, 2007
Accession Number
AD1145903

Entities

People

  • Bill Wilson
  • Julia H. Allen

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Air Force
  • Case Studies
  • Commerce
  • Copyrights
  • Cycles
  • Data Analysis
  • Engineering
  • Environment
  • Information Security
  • International Organizations
  • Language
  • Life Cycles
  • Risk
  • Risk Analysis
  • Risk Management
  • Security
  • Standards
  • Test And Evaluation
  • Universities
  • Vulnerability

Fields of Study

  • Computer science

Readers

  • Defense Acquisition Program Management
  • Educational Psychology
  • Strategic Security Studies