
Dated: 05-11-2024

Ch01. What is Information Security Risk

  • Risk is a fundamental concept that drives all security standards, frameworks, and activities
  • In simple terms, Information Security Risk refers to the potential damage or loss that may be caused to an organization in the absence of appropriate controls
  • A process aimed at achieving an optimal balance between realizing opportunities for gain and minimizing vulnerabilities and loss
  • Usually accomplished by ensuring that impact of threats exploiting vulnerabilities is within acceptable limits at an acceptable cost (ISACA)
  • Risk is managed so that
    • It does not materially impact the business process in an adverse way
    • It provides an acceptable level of assurance and predictability for the desired outcomes of any organizational activity
  • Risk assessment
    • Foundation for effective risk management
    • Solid understanding of the risk universe
    • Nature and extent of risk to IT resources and potential impact on the organization's activities
  • Challenges with risk focused approach
    • In an environment where controls are absent, a risk-based approach may become too academic
    • Effort should focus on 4-Step Security Transformation Framework

Which of the following refers to the potential damage or loss that may be caused to an organization in the absence of appropriate controls?

  • Information Security Assessment
  • Information Security Governance
  • Information Security Risk
  • Information Security Technology