Information security is one of the most talked about concept these days in company and every one wants to have it. Common myth is that itâEUR(TM)s a plug and play system where you can just install it in your company and get your self secure with all threats. Unfortunately, its not an umbrella that will save you from all the rain. You will have to plan, analyze and customize a security management system based on your needs and circumstances.
In this write up we will talk about how Risk Management is linked with Information security and why it is vital to consider Risk Management as an integral part of Information security. Would you like to spend 100,000 US $ to protect a thing that is worth the same or less? Does it make any sense, No, so before managing risks, you need to assess the risk, that means first analyze how much information is important, what is the consequence for if you lose any important information or it goes in wrong hands.
Too many companies believe security as something that belongs only to the IT department whereas risk assessment and management is a business process that fits to all the business units. Risk management should be evaluated as an integral process of any business capacity. It plays a vital role in the effectiveness of technology as well as processes and procedures and people that are handling that technology.
i work as marketing executive at Catalyic Consulting I try to provide interesting insights on ISO, ISMS, ITIL and CMMI Process improvement practices