Information Security Resources

Entries Tagged ‘Risk Management’

Being Humble: The right mindset for Corporate Governance and IT Governance

For every first lesson I teach about Risk Management and Contingency Planning, I always like to raise an example to begin a discussion about the illusions of human beings. This illusion is best illustrated by an interesting game called the Monty Hall Problem, which goes like this: Suppose you are a lucky game show player […]


What is Risk, Vulnerabilities, Threats, and Countermeasures: Risk Management Lesson 101 for Information Security

In this article, I will use layman’s terms and descriptions to help you understand the various fundamental concepts of Risk Management in Information Security. To illustrate those concepts, I like to use a popular diagram from Common Criteria, shown below: In the center of this diagram you’ll find the term vulnerabilities. Vulnerabilities are any weaknesses […]


Information Risk Management: The Core Concept of Information Security Management

In today’s environment, Risk Management is considered a core management issue in modern corporate governance. We have been discussing this concept in several areas of finance. Now, we are considering the subject as it pertains to the area of Information Security (IS). This is an important consideration since, in the past thirty years, IS systems […]
