Information Security and Risk Management

Author: Chen, Thomas M.
Place: Hershey
Publisher: IGI Global
Date published: 2008
Editor: Pagani, Margherita
Journal Title: Encyclopedia of Multimedia Technology and Networking, Second Edition
Source: Encyclopedia of Multimedia Technology and Networking, Second Edition
Abstract: 

It is easy to find news reports of incidents where an organization’s security has been compromised. For example, a laptop was lost or stolen, or a private server was accessed. These incidents are noteworthy because confidential data might have been lost. Modern society depends on the trusted storage, transmission, and consumption of information. Information is a valuable asset that is expected to be protected. Information security is often considered to consist of confidentiality, integrity, availability, and accountability (Blakley, McDermott, & Geer, 2002). Confidentiality is the protection of information against theft and eavesdropping. Integrity is the protection of information against unauthorized modification and masquerade. Availability refers to dependable access of users to authorized information, particularly in light of attacks such as denial of service against information systems. Accountability is the assignment of responsibilities and traceability of actions to all involved parties. Naturally, any organization has limited resources to dedicate to information security. An organization’s limited resources must be balanced against the value of its information assets and the possible threats against them. It is often said that information security is essentially a problem of risk management (Schneier, 2000). It is unreasonable to believe that all valuable information can be kept perfectly safe against all attacks (Decker, 2001). An attacker with unlimited determination and resources can accomplish anything. Given any defenses, there will always exist a possibility of successful compromise. Instead of eliminating all risks, a more practical approach is to strategically craft security defenses to mitigate or minimize risks to acceptable levels. In order to accomplish this goal, it is necessary to perform a methodical risk analysis (Peltier, 2005). This article gives an overview of the risk management process.

CITATION: Chen, Thomas M. "Information Security and Risk Management," edited by Pagani, Margherita. Hershey: IGI Global, 2008. Encyclopedia of Multimedia Technology and Networking, Second Edition. Available at: http://library.au.int/information-security-and-risk-management