Hello and welcome to Module Two of our six-part series on "Practical Cybersecurity".
Today, we'll be discussing "Risk Management".
And in particular, what is information risk management?
A simple online search will show us
that risk is defined as a situation involving exposure to danger.
Now, for our purposes,
that simply means the probability of an adverse situation unfolding.
Doing a bit more digging,
we see that risk management is defined as
the forecasting and evaluation of financial risks,
together with the identification of procedures to avoid or minimize their impact.
That is a business definition,
and certainly businesses care about risk management because it needs
to be approached as a discipline rather than as just a project.
For our purposes however,
we care about the protection of those intangible assets.
And those intangible assets are, of course, handled, managed,
touched by technology tools,
by information systems, by computerized systems.
So the definition of IT risk management is the application of risk management methods
to IT in order to manage information risk.
Now, what we need to look at specifically is the fact
that information risk management is really
the business risk associated with the use, ownership,
operation, involvement, influence, and adoption of
information systems and information technology within an enterprise or organization.