Information risk management

Published on January 31, 2019   46 min
Hello and welcome to Module Two of our six-part series on "Practical Cybersecurity". Today, we'll be discussing "Risk Management". And in particular, what is information risk management? A simple online search will show us that risk is defined as a situation involving exposure to danger. Now, for our purposes, that simply means the probability of an adverse situation unfolding.

Doing a bit more digging, we see that risk management is defined as the forecasting and evaluation of financial risks, together with the identification of procedures to avoid or minimize their impact. That is a business definition, and certainly businesses care about risk management because it needs to be approached as a discipline rather than as just a project.

For our purposes, however, we care about the protection of those intangible assets. And those intangible assets are, of course, handled, managed, touched by technology tools, by information systems, by computerized systems. So the definition of IT risk management is the application of risk management methods to IT in order to manage information risk. Now, what we need to look at specifically is the fact that information risk management is really the business risk associated with the use, ownership, operation, involvement, influence, and adoption of information systems and information technology within an enterprise or organization.