Information Security Risk Management in the European Union

Anca Gabriela Petrescu (Valahia University, Romania) and Nicoleta Sîrbu (Valahia University, Romania)
Copyright: © 2019 | Pages: 18
DOI: 10.4018/978-1-5225-7712-6.ch014

Abstract

Currently, an organization's risk management covers a wider range of risks, especially operational risks, reputational risks to the organization, and, more recently, strategic risks. Moreover, within a growing number of organizations, the responsibilities associated with risk management are assumed by top management, which generally coordinates the teams of specialists directly responsible for monitoring the risks and the risk handling measures. This chapter focuses on how to implement an approach to reduce the identified risks to the information conveyed through computer systems and communications. In addition, it presents EU regulations relevant to information security risk analysis and risk management.
Chapter Preview

Background

Organizational culture refers to the values, beliefs and norms that influence the behavior and actions of both managers and the members of each organization (Sarabi, Naghizadeh, Liu & Liu, 2016). Organizational culture determines, in fact, how activities are carried out and can explain why certain events occur in the organization (Norris, 2001).

Key Terms in this Chapter

Threat: A potential cause of unwanted incidents that may result in damage to the mission of a system or an entire organization. Security threats can be accidental or deliberate (malicious) and are characterized by elements of threat, attack method, and the goods subject to the threat.

Risk: Defined as the probability that a threat will exploit the vulnerabilities of property belonging to the organization and thereby cause injury to the organization.

Credibility: A concept directly related to risk management. How the organization addresses its credibility influences behavior as well as internal and external relations of trust.

Residual Risk: The risk that remains after security measures are implemented in a computer and communications system, as a consequence of the fact that not all threats can be countered and not all vulnerabilities can be eliminated or reduced to zero.
