ABSTRACT

This chapter introduces the thematic issues and dilemmas identified in information risk management that fueled the need for a research study. The study considers the knowledge gaps in the existing literature together with the issues and dilemmas observed in practice. The chapter summarizes the questions critical to the practice and briefly describes the study and the research methodology that led to the development of the responsive security approach. Managing information security risk is commonly seen as a task of identifying and assessing risks, applying mitigating controls, and monitoring the use of those controls to address recognized risks in a coordinated manner throughout the life cycle of a business system. Information security and data privacy risks and uncertainties persist, yet new security measures continue to be devised mainly from collections of controls drawn from various sources and based on past standards and regulatory requirements. The chapter also presents some of the concepts discussed in this book.