ABSTRACT

This first chapter presents and describes a model for information security risk assessment. The purpose of this model is to provide a framework for organizations so they can easily modify and adapt it to meet their specific requirements. The chapter also provides some background information on information security risk assessment and why it is important in the overall information security journey. A model used within the context of this chapter is meant to provide the framework and fundamental structure for the definition of a formal information security risk assessment. This model presents the requirements and elements for information security risk assessment and provides background information for each component. An assessment methodology built on the ISRAM is presented and described in the second chapter.