
IT Risk and Security Management

Chapter in: The NICE Cyber Security Framework

Abstract

Risks in information systems and technologies come from dimensions beyond security, such as financial risks, managerial risks, and people risks. The cycle of risk and security management includes 4 main stages: (1) risk identification, (2) risk assessment and prioritization, (3) risk mitigation (e.g., prevention, tolerance), and finally (4) risk monitoring to track all of the previous activities in the future.



Author information

Corresponding author: Izzat Alsmadi.


Copyright information

© 2020 The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG

About this chapter


Cite this chapter

Alsmadi, I. (2020). IT Risk and Security Management. In: The NICE Cyber Security Framework. Springer, Cham. https://doi.org/10.1007/978-3-030-41987-5_3


  • DOI: https://doi.org/10.1007/978-3-030-41987-5_3


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-41986-8

  • Online ISBN: 978-3-030-41987-5

  • eBook Packages: Engineering (R0)
