Book Image

Information Security Handbook

By : Darren Death
Book Image

Information Security Handbook

By: Darren Death

Overview of this book

Having an information security mechanism is one of the most crucial factors for any organization. Important assets of organization demand a proper risk management and threat model for security, and so information security concepts are gaining a lot of traction. This book starts with the concept of information security and shows you why it’s important. It then moves on to modules such as threat modeling, risk management, and mitigation. It also covers the concepts of incident response systems, information rights management, and more. Moving on, it guides you to build your own information security framework as the best fit for your organization. Toward the end, you’ll discover some best practices that can be implemented to make your security framework strong. By the end of this book, you will be well-versed with all the factors involved in information security, which will help you build a security framework that is a perfect fit your organization’s requirements.
Table of Contents (19 chapters)
Title Page
Credits
About the Author
About the Reviewers
www.PacktPub.com
Customer Feedback
Preface

Who owns organizational risk?


Risk ownership is a very important topic and is given careful attention today in light of large-scale breaches in government and private sector information systems. In the past, many organizations viewed information security risk as being something that was the responsibility of the IT division of an organization. While this is not, and has never been, an acceptable practice it is how many organizations effectively viewed the ownership of risk within their organization.

The issue that many organizations encounter is the concept of risk ownership versus risk management.

Risk ownership

Understanding risk ownership, and who does not own risk, is critically important in order to make the correct risk decisions that support your organization's business and mission objectives:

  • Risk ownership is held by the C-suite and/or people at the boardroom level.
  • The ability to own risk is tied to authority and the ability to commit funds to reduce risk.
  • Senior leaders have the ability...