BISM1201 Lecture Notes - Lecture 1: Defence Mechanisms, Risk Assessment, Information System

Risk ma(cid:374)age(cid:373)e(cid:374)t: risk is the likelihood of an adverse occurrence multiplied by the likely loss/cost to the business, risk must be quantified (this is the risk analysis component of risk management) Risk mitigation (reduction: organisation takes concrete actions against risk, 3 strategies for risk mitigation (goal to reduce risk) Implement controls and develop recovery plan (business continuity) Information systems security comprises; risk management; business continuity: risk acceptance, accept the potential risk - no controls, risk limitation, reduce the risk via controls - an "active" defence policy, risk transference, move the risk to a third party.