The Center for Education and Research in Information Assurance and Security (CERIAS)

Information Security Risk Management - How to Select a Risk Analysis Software package

Entry type

conference

Abstract

A valuable tool is going relatively unnoticed by information security professionals - the conducting of risk assessment/analysis within their organizations. In Datapro's "Computer Security Issues: 1995 Survey" between 21 and 31 of the total survey respondents conducted a risk assessment/analysis as one of their security measures. The percentages varied slightly depending on the environment being protected - microcomputer, data network, or midrange/mainframes. Information security is too broad an issue and resources are in too short supply for security professionals to be guessing where to spend the money. Risk management is the practice of defining and analyzing the threats to organizational assets and capabilities, and of assisting management in optimizing the return on investment of information security resources. This report provides a methodology for developing an information security risk management program. The steps needed to develop a plan are presented and a process for the plan's maintenance is discussed.

Date

1995 – October

Address

Delran, NJ 08075

Institution

Datapro Information Services Group

Key alpha

unknown

Note

Datapro presents these reports in conjunction with the 18th National Information Systems Conference (NISSC), October 10-13, 1995.

Pages

3225-3230

Location

A hard-copy of this is in the Papers Cabinet
