An understanding of risk and the application of risk assessment methodology is essential to being able to efficiently and effectively create a secure computing environment. Unfortunately, this is still a challenging area for information professionals due to the rate of change in technology, the relatively recent advent and explosive growth of the Internet, and perhaps the prevalence of the attitude (or reality) that assessing risk and identifying return on investment is simply too hard to do. This has kept information systems and information systems security in the undesirable position of being unable to systematically identify and monetarily quantify security risks. This in turn has led to inconsistent and inappropriate applications of security solutions as well as either excessive or insufficient funding for such activities. Therefore this paper addresses the issue of risk with respect to modern information systems.
Read Entire Paper
E-Mail Link
Your IP address will be sent with this e-mail
