Overview of risk management, business continuity, and security education

Asset protection forms the baseline for security. Unintended disclosure, unauthorized modification, or destruction of an asset can affect security.

Observe the following illustration:

Fig 1

• Risk is to assets from threat sources.
• The asset requires protection from attacks.
• Protection is based on the value of the assets. The value can be based on monetary value, anticipated loss due to customer dissatisfaction, damage to corporate image, or all of the above.
• Risk management is to identify, assess, control, and mitigate risks.
• Risk management consists of monitoring, reviewing, communicating, and improving mechanisms.
• Risks that compromise the availability of assets and resources are treated through Business Continuity Plans (BCP).
• Security education is an integral part of risk management.

These concepts are covered in detail in the rest of this chapter.