Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Management
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Re: Information Risk Management

from [jblackley] Network Security [Permanent Link]
Subject: Re: Re: Information Risk Management
Date: 16 Jun 2005 13:27:35 -0000 
Alan,

thank you for your advice regarding the ISF standard. I'd like to note here 
that the references in this standard are to risk analysis and not risk 
management - and the two are not synonymous.

Thanks to all the people who sent me pointers to various sites and papers.

To clarify my first comment in this post, I'd like to ask one more time for 
help but to be precise about what I need. To that end, let me try a little 
definition: If risk analysis is a process to identify and prioritize risks, 
risk management is an overall effort to manage risk to an acceptable level. In 
other words, risk management establishes the context, identifies and analyzes 
risks, evaluates and selects controls, implements controls, measures their 
effectiveness and communicates results to the leaders of an organization.

Having said all that, if there's anyone out there who can talk to me about how 
'risk management' has been successfully implemented at their organization, I'd 
be grateful.

John A Blackley
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Banking Security Policy & Risk Assesment Papers, Julias P
Next by Date:  RE: Banking Security Policy & Risk Assesment Papers, Fiamingo, Frank
Previous by Thread:  RE: Information Risk Management, Nitin Nair
Next by Thread:  Re: Information Risk Management, alan_willcox
Indexes:  [Date] [Thread] [Top] [All Lists]