A Risk Management Viewpoint


Risk management is based on the concept of identifying risks and deciding how to deal with them. [Cohen97-3]

Identifying Risks:

In terms of identifying risks, there is a widespread belief that risks stem from the combination of dependencies, vulnerabilities, and threats: something we depend on, a weakness in it, and someone or something able to exploit that weakness. Remove any one of the three and there is no risk to manage.

Dealing with Risks:

There are many ways that people deal with risks. Here are some of the ways that are often used when it comes to information technology.

Prevention, Detection, and Reaction

A common way of looking at the information protection process is as a cycle in which we prevent some things, detect others, limit damage where appropriate, and respond when we encounter attacks. [Cohen97-5] Each of these dimensions of protection is complex in its own right, and their interactions make the combined problem more complex still. No technical or mathematical solutions exist for telling us how to mix prevention, detection, and reaction. At present, we don't even have an economic model for analyzing the tradeoffs. What we do have is some notion of what works from a strategic and tactical standpoint.
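The two ideas above, that a risk exists only where a dependency, a vulnerability, and a threat coincide, and that each identified risk is then handled by some mix of prevention, detection, and reaction, can be made concrete with a small model. The following is an added example written for this edit; it is not code from the page or from [Cohen97-3], it assigns no scores to the prevention/detection/reaction mix (the page says no such model exists), and every asset name, vulnerability identifier, threat, and control in it is constructed for illustration.

```python
"""Risk identification as the intersection of dependencies, vulnerabilities,
and threats, plus a report of which of prevent/detect/react is in place.

All data below is constructed sample data, not taken from any real system.
"""

# Assets the organisation relies on (the "dependencies").
DEPENDENCIES = {"web-server", "payroll-db", "vpn-gateway"}

# Hypothetical vulnerability identifier -> asset in which the weakness lives.
VULNERABILITIES = {
    "V1": "web-server",
    "V2": "payroll-db",
    "V3": "dev-wiki",      # a weakness in something nobody depends on
    "V4": "vpn-gateway",   # a weakness no known threat can exploit
}

# Threat -> vulnerability identifiers that threat is able to exploit.
THREATS = {
    "opportunistic scanner": {"V1", "V3"},
    "insider": {"V2"},
}

# (threat, vulnerability) -> kinds of control currently in place.
CONTROLS = {
    ("opportunistic scanner", "V1"): {"prevent", "detect"},
    ("insider", "V2"): {"detect"},
}

CONTROL_KINDS = ("prevent", "detect", "react")


def identify_risks(dependencies, vulnerabilities, threats):
    """Return (threat, vulnerability, asset) triples.

    A triple is a risk only when all three ingredients are present: the
    threat can exploit the vulnerability AND the vulnerability lives in an
    asset we depend on. V3 (asset not depended upon) and V4 (no threat)
    therefore never appear, whatever else is in the inputs.
    """
    risks = []
    for threat, exploitable in threats.items():
        for vuln in sorted(exploitable):
            asset = vulnerabilities.get(vuln)
            if asset is not None and asset in dependencies:
                risks.append((threat, vuln, asset))
    return risks


def coverage_report(risks, controls):
    """For each risk, record which of prevent/detect/react is in place.

    This only exposes gaps; it deliberately does not rank or score the mix,
    since the text notes there is no accepted model for doing so.
    """
    report = {}
    for threat, vuln, _asset in risks:
        present = controls.get((threat, vuln), set())
        report[(threat, vuln)] = {k: (k in present) for k in CONTROL_KINDS}
    return report


def uncovered(report):
    """Risks that have none of the three kinds of control at all."""
    return [key for key, kinds in report.items() if not any(kinds.values())]


if __name__ == "__main__":
    risks = identify_risks(DEPENDENCIES, VULNERABILITIES, THREATS)
    for threat, vuln, asset in risks:
        print(f"risk: {threat} exploits {vuln} in {asset}")
    report = coverage_report(risks, CONTROLS)
    for key, kinds in report.items():
        missing = [k for k, ok in kinds.items() if not ok]
        print(f"{key}: missing {missing or 'nothing'}")
    # Dropping the dependency on payroll-db removes the insider risk entirely.
    print(identify_risks(DEPENDENCIES - {"payroll-db"}, VULNERABILITIES, THREATS))
```

Running the script shows two risks (the scanner against V1, the insider against V2), that the insider risk has no prevention or reaction in place, and that removing the payroll-db dependency eliminates that risk without touching the vulnerability or the threat, which is exactly the "any one of the three" point made above.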