4.3.1 Security Engineering: Systems Engineering of Security through the Adaptation and Application of Risk Management
Author(s) - Gilliam David P., Feather Martin S.
Publication year - 2004
Publication title - INCOSE International Symposium
Language(s) - English
Resource type - Journals
ISSN - 2334-5837
DOI - 10.1002/j.2334-5837.2004.tb00530.x
Subject(s) - security information and event management, risk management, computer security, security management, risk analysis (engineering), computer science, it risk management, threat, security service, security testing, information security management, security through obscurity, confidentiality, adaptation (eye), cloud computing security, information security, risk assessment, business, network security policy, cloud computing, finance, operating system, physics, optics
Information Technology (IT) Security Risk Management is a critical task in the organization, which must protect its resources and data against the loss of confidentiality, integrity, and availability. As systems become more complex and diverse, and more vulnerabilities are discovered while attacks from intrusions and malicious content increase, it is becoming increasingly difficult to manage IT security. This paper describes an approach to address IT security risk through risk management and mitigation in both the institution and in the project life cycle. The application of risk management to security engineering is described. Support for this through application of a security risk algorithm and a risk management tool for risk analysis is also discussed.