What is risk?

Information security risk comes into play when there is a potential event or circumstance that could lead to organizational disruption, damage to organizational reputation, or financial loss because of failure of an information system.

The goal of information security risk management is to minimize the overall risk to an organization, as well as people, processes, and technology related to the information systems within an organization.

Risk management involves the entire organization, from senior executives down to front-line employees. This highly complex process requires a thorough understanding of how people, processes, and technology interact in the organization at all levels.