Preface

Managing information security risk is an important activity of business enterprises and government organizations to address related information security threats and vulnerabilities, ensure compliance with regulations and best practice standards, demonstrate due diligence to shareholders and customers, and achieve business objectives with minimum cost.

While many researchers and practitioners have contributed to the development and progress of information risk management, existing approaches have achieved only limited success and the practice remains problematic. This is frequently observed in recurring incidents of information security issues and needs, in particular, when businesses, operations, and/or technological environments are ...