The factor of the risk and risk management in information security

Authors

DOI:

https://doi.org/10.26577/JAPJ.2021.v100.i4.12

Abstract

Risk is the consequence of events and dangers. In other words, it is an event that will cause damage and deprivation, and this occurrence can be described in terms of information. The word risk means foreseeable dangers or being under the threat of possible damage. It defines the occurrence of an event that could lead to damage or loss. The term is used for events that are synonymous with danger and are expected to occur, although it is not clear whether they will occur or not.

Thus, risk management means managing this uncertain environment. An information security risk management system requires a risk-based approach. Information security policy emerges and is formed based on the results of risk analysis. Therefore, risk management is essential. In addition, the systematic use of information contributes to identifying sources and forecasting risks. In risk analysis, information systems analyze the value of assets, threats and shortcomings. Here, the risks are assessed depending on the severity of the potential impact on the confidentiality, integrity and reliability of information systems. Everything that has value for an organization is called information availability. The standards define the availability of information as information that is valuable to the organization and should always be protected.

Keywords: risk management, risk processing, risk assessment, risk monitoring, risk reassessment, risk review, information security risk

Published

2021-12-15