IRMA-International.org: Creator of Knowledge
Information Resources Management Association
Advancing the Concepts & Practices of Information Resources Management in Modern Organizations

Information Security and Risk Management

Author(s): Thomas M. Chen (Southern Methodist University, USA)
Copyright: 2009
Pages: 7
Source title: Encyclopedia of Multimedia Technology and Networking, Second Edition
Source Author(s)/Editor(s): Margherita Pagani (Bocconi University, Italy)
DOI: 10.4018/978-1-60566-014-1.ch090


Abstract

It is easy to find news reports of incidents where an organization’s security has been compromised. For example, a laptop was lost or stolen, or a private server was accessed. These incidents are noteworthy because confidential data might have been lost. Modern society depends on the trusted storage, transmission, and consumption of information. Information is a valuable asset that is expected to be protected. Information security is often considered to consist of confidentiality, integrity, availability, and accountability (Blakley, McDermott, & Geer, 2002). Confidentiality is the protection of information against theft and eavesdropping. Integrity is the protection of information against unauthorized modification and masquerade. Availability refers to dependable access of users to authorized information, particularly in light of attacks such as denial of service against information systems. Accountability is the assignment of responsibilities and traceability of actions to all involved parties. Naturally, any organization has limited resources to dedicate to information security. An organization’s limited resources must be balanced against the value of its information assets and the possible threats against them. It is often said that information security is essentially a problem of risk management (Schneier, 2000). It is unreasonable to believe that all valuable information can be kept perfectly safe against all attacks (Decker, 2001). An attacker with unlimited determination and resources can accomplish anything. Given any defenses, there will always exist a possibility of successful compromise. Instead of eliminating all risks, a more practical approach is to strategically craft security defenses to mitigate or minimize risks to acceptable levels. In order to accomplish this goal, it is necessary to perform a methodical risk analysis (Peltier, 2005). This article gives an overview of the risk management process.
