Identifying and Managing Enterprise Security Risks in Online Business Convergence Environments

Abstract

Security risks associated with networked enterprise systems is a topic that has become increasingly significant in recent years. Risks to computer systems can be anything from defacing a corporate website to sabotaging a metropolitan electricity distribution system, and anything in between. Information security risk management is the process used to identify and understand risks to the confidentiality, integrity, and availability of information and information systems. The scope of this paper is to review the current literature and best practices on risk management and the processes that allow Information Technology (IT) managers to balance the operational and economic costs of protective measures, as well as, achieve gains in mission capability by protecting the IT systems and data that support their organizations' missions. Literature suggests that developing a well-planned business continuity plan should be a matter of highest priority for all businesses, regardless of size, structure or function. For business leaders, the most crucial priority is to minimize risk by developing a high standard security system, encompassing the overall organization's safety.