Risk management with ISO 27000 standards in information security

  • Authors: Kaja Prislan; Igor Bernik
  • Affiliations: Faculty of Criminal Justice and Security, University of Maribor, Ljubljana, Slovenia; Faculty of Criminal Justice and Security, University of Maribor, Ljubljana, Slovenia
  • Venue: ISPACT'10 Proceedings of the 9th WSEAS international conference on Advances in e-activities, information security and privacy
  • Year: 2010

Abstract

Users need to adjust to constant change, and they also need to manage threats to information technology. The only way to control these threats is to carry out a risk management process. This article presents ways of managing the threats and examines whether risk management systems exist in practice. For this purpose, a study was conducted among different organizations. Its results reveal problems with the understanding of the threats. Moreover, the structure of a risk management system depends entirely on the individual organization. The problem, therefore, is that there are as many systems as there are organizations. Organizations mostly choose among the following approaches: an informal or unsystematic approach; a general approach, which provides the same protection mechanism for every organizational level; an exact approach, which involves analysis of the entire information system; or a combination of the general and exact approaches. Once an organization has chosen an approach, it establishes control mechanisms. With those mechanisms we can avoid the risks, mitigate the consequences, accept a particular risk, or introduce adequate security mechanisms. Because of continual change, such a system must be constantly evaluated and improved. In managing information security, it is of great significance to establish a risk management system in order to recognize the most exposed areas and protect them accordingly.