Information Security Risk Management

In this chapter, we will be discussing information security risk management, which provides the main interface between the information security program and the business for prioritization and communication.

In this chapter, you will learn:

• Key information security risk management concepts
• Determining where valuable data is located
• Quick risk assessment techniques
• How risk management affects different parts of the organization
• How to perform information categorization
• Security control selection, implementation, and testing
• Authorizing information systems for production operations