ABSTRACT

This chapter focuses on the means to manage risks to an acceptable level and the creation of a strategic plan aligned with the organization's business plans for fulfilling the mission of the organization. The National Institute of Standards and Technology is a federal agency that develops standards and guidelines. Environmental acts are also events that could be prevented, or at least a response could be planned to minimize their impact. The larger risk scores indicate the areas in which additional security safeguards and controls may be beneficial to reduce risks to an acceptable level. Information security professionals must identify the reasonably anticipated threats and prioritize the risks to help business executives make an informed business decision. Information security is less about the elimination of risk and more about the appropriate management of risk.