discuss the relationship between RISK and CONTROLS informati

discuss the relationship between RISK and CONTROLS. (information system security)(long answer)

Solution

RISK MANAGEMENT: It is process of identifying ,assessing and controlling threats to an organization\'s capital and earnings.As a rsult ,a risk Management plan increasingly includes companies processess for identifying and controlling threats to its digital assets.

INFORMATION SYSTEM SECURITY: It means protecting information (data) and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.It is a process of defining the security controls in order to protect the information assets.

Risk Management and Risk Assessment are found in the relevant literature [ISO13335-2]

The ISO recommended the following target areas, or principles, should be part of the overall risk management process:

Risk Management Strategies:

Security Controls:

                           Even although organizations tend to use a single method for Risk Management, multiple methods are typically be used in parallel for Risk Assessment. This is because different Risk Assessment methods might be necessary, depending on the nature of the assessed system.