Information Security Risk Management - How to Select a Risk Analysis Software package
Abstract
A valuable tool is going relatively unnoticed by information security
professionals - the conducting of risk assessment/analysis within their
organizations. In Datapro's "Computer Security Issues: 1995 Survey", between
21% and 31% of the total survey respondents conducted a risk assessment/
analysis as one of their security measures. The percentages varied slightly
depending on the environment being protected - microcomputer, data network,
or midrange/mainframes. Information security is too broad an issue, and
resources are in too short supply, for security professionals to be guessing
where to spend the money. Risk management is the practice of defining and
analyzing the threats to organizational assets and capabilities, and of
assisting management in optimizing the return on investment of information
security resources. This report provides a methodology for developing an
information security risk management program. The steps needed to develop a
plan are presented, and a process for the plan's maintenance is discussed.
Institution
Datapro Information Services Group
Note
Datapro presents these reports in conjunction with the 18th National
Information Systems Conference (NISSC), October 10-13, 1995.
Publication Date
0000-00-00
Location
A hard-copy of this is in the Papers Cabinet