ABSTRACT

Risk management is the process that allows business managers to balance the operational and economic costs of protective measures and achieve gains in mission capability by protecting the business processes that support the business objectives or mission of the enterprise. For most of this book, we will concentrate on the impacts of risk in the information security (IS) and information technology areas of an organization. Risk management, however, is not restricted to the information technology and security realm. It is a business process that assists management in meeting its fiduciary duty to protect the assets of the organization.