1Introduction
1.1 Background and Motivations
A common objective of information risk1 management is to ensure adequate protection of the confidentiality, integrity, and availability of information and information systems that are critical or essential to the success of a business.2 Through my experience as an information security practitioner for more than 20 years, and ongoing discourse with fellow practitioners and researchers in this field, a common observation is that the knowledge and practice of information risk management lag behind other management disciplines and are often inadequate for supporting the needs of practitioners in the field.
To a large extent, rather than taking strategic approaches, practitioners’ methods have been based ...
Get Responsive Security now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.