/
ARCHIVE - InfoSec Risk Management

ARCHIVE - InfoSec Risk Management

Owned by Isaac Straley
Last updated: Jul 02, 2019 by Michelle Luttrell
Unable to render {include} The included page could not be found.
Find it. Delete it or Protect it.

In virtually every aspect of education, research, and administration there is an increased reliance on digital information and the technologies that support it. With this comes an increasing level of responsibility to protect these information assets from accidental or malicious exposure or damage. In light of current and pending federal and state legislation, it is imperative for departments to recognize that information risk management must be part of their strategic and continuity planning.

Risk management is the ongoing process of identifying these risks and implementing plans to address them. Risk is determined by considering the likelihood that known threats will exploit vulnerabilities and the impact they have on valuable assets.

Risk assessment is the part of the ongoing risk management process that assigns relative priorities for mitigation plans and implementation. It is a large part of the overall risk management process

Risk decisions are made all the time, sometimes without deep consideration and may even be based upon intuition. A formalized risk management process can uncover risks that were not anticipated, resolve funding conflicts, and help enhance executive buy-in to security improvements.