Abstract
In contrast with previous chapters, we shall not consider one particular aspect of system security, but we study instead the security of a system as a whole. We will formalize security not in binary terms, where a system is either secure or insecure, but rather in terms of risk.
In the first part of this chapter we explain risk as an attribute of harmful events as they occur over the lifetime of an information system. Our notion of risk combines the likelihood and the impact of an event and builds the central element of risk analysis. After defining the components of a risk analysis, we introduce an approach to carrying out this activity.
In the second part of this chapter, we apply our approach on an extended example. Although our risk analysis will not be complete, it should provide the reader with an impression of a typical risk analysis and the challenges that occur when conducting such an analysis.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Basin, D., Schaller, P., Schläpfer, M. (2011). Risk Management. In: Applied Information Security. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-24474-2_8
Download citation
DOI: https://doi.org/10.1007/978-3-642-24474-2_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-24473-5
Online ISBN: 978-3-642-24474-2
eBook Packages: Computer ScienceComputer Science (R0)