Security and Risk Management

View our 2018 and 2019 listing of information security (infosec) / cyber security training courses, events and conferences from around the world that are associated with Security and Risk Management.

Security and Risk Management is the process of identifying vulnerabilities in an organization’s information system and taking steps to protect the confidentiality, integrity and availability of all of its components.

The major sub-processes include:

  • Risk Identification and Assessment
    • Identify and Prioritize Assets
    • Identify and Prioritize Threats
    • Identify Vulnerabilities between Assets and Threats (Vulnerability Analysis)
  • Risk Assessment
    • Calculate Relative Risk of each Vulnerability
  • Risk Control
    • Cost Benefit Analysis
      • Avoid
      • Control
      • Transfer
      • Mitigate
      • Accept

There are four groups that bear responsibility for effective management of security risks, each with unique roles:

  • Information Security Management – group with leadership role – most knowledgeable about causes of security risks (security threats and attacks)
  • IT Community / Management – group that helps build secure systems and ensure their safe operation
  • General Management – must ensure that sufficient resources (money & personnel) are allocated to the IT and information security groups to meet organizational security needs
  • Users – (when properly trained) group that plays a critical part in prevention, detection and defence against security
