INFORMATION TECHNOLOGY RISK MANAGEMENT IN ENTERPRISE ENVIRONMENTS
Risk is a quantitative evaluation of the potential damage caused by an attack, a vulnerability, or an event impacting the set of company IT assets. A vulnerability (or weakness) is a lack of a safeguard, which may be exploited by a threat, causing harm to the information systems; specifically it can be a software flaw that permits an exogenous agent to use a computer system without authorization or use it with authorization in excess of that which the system owner specifically granted said agent. Risk-generating events and vulnerabilities are implicitly related in the context of this discussion in the sense that (we postulate that) a vulnerability is ultimately caused by some subtending event, malicious or nonmalicious. For example, in a so-called “non-malicious event,” a flaw may be introduced in some software release by its designers, and then the event of having the IT group load and distribute that software throughout the enterprise creates a predicament where risk ensues. A “malicious” event may be a direct attack on the organization firewall, router, website, or database platform.
Jake Kouns and Daniel Minoli - Personal Name
978-0-471-76254-6
NONE
Information Technology
English
2010
1-441