Q1: Define the concept Information Security risk. Why is risk the underlying concept that forms the basis of computer security? How does Information Security risk influence the decisions made regarding Information Security policy in your organization?
Q2: What is the risk management approach? Provide examples of countermeasures that can be utilized to mitigate the risk to a computer network. What countermeasures are used in your organization or for your personal computer?
Q1: Define the concept Information Security risk.
To approach this assignment, first search the Web using the phrase they give you: information security risk. Pick a couple of the best-looking hits to skim, and choose one to read closely and pick quotes from for any paper you have to write. I picked this one: http://csrc.nist.gov/publications/nistpubs/800-39/SP800-39-final.pdf
In its introduction, this document defines what information systems are and describes how important they are to the functioning of modern-day America, in all sectors of society. It then acknowledges that there are information system threats that can adversely affect the functioning of those information systems. These threats include purposeful attacks, environmental disruptions, and human or machine errors. So, information system risk is the possibility or statistical probability of such harm to the system.
Why is risk the underlying concept that forms the basis of computer security?
If there were no risk, there would be no need to devise a computer security program or policy. If ...
Discussion, with Web references, of Information Security Risk factors and how they might be mitigated