Information systems security and its affiliation to information technology risk management

Abstract

The Information security is considered a risk management strategy. Risk management has always been an integral part of an Information Security programme. Hence, security should be addressed as one of the many key risk areas. Incorporation of information security within an It risk management programme elevates the importance of it and ties its practice together with other key IT risks. The Securities and Exchange Commission requires a formal risk assessment to evaluate the factors that impact an organization's performance, because IT risk management and information security's role is critical. The performance of risk assessments are a key component of good information security, mainly risk identification. In addition to return-on security-Investment strategy, the other trend is developing a culture of shared accountability. The reason being- the security is supposed to educate the business leader about threats, costs and consequences on the organization and the effectiveness of the possible remedies. This paper will report on an ongoing research to identify the function of Information systems security and its affiliation to Information technology risk management. © 2009 Springer Berlin Heidelberg.