RISK ANALYSIS

Risk Analysis

[Name of the Institute]

Risk Analysis

Security of Information Systems and Communication

At the heart, of information systems and communications should be objectively materializing the concept of security: "The security of systems and networks of information and communication is the establishment of protective services to achieve safety critical, such as confidentiality, integrity and availability." Confidentiality is a condition allowing visibility of information to persons identified and authorized. Integrity is a condition preventing any improper modification of information. Finally, availability is a state of availability of time information, and performance previously defined. We believe that protection is effective when it is thinking with a systems approach (theoretical model that takes into account three interrelated areas: system environments, the system itself from its borders and its internal components) (Vernooy-Gerritsen, 2009). This approach helps to think about security in the broadest sense, covering the whole system. Thus, security of information systems and communication covers computer security (logical security) as well as physical security and organizational system. In this paper we will discuss risk analysis and determine various steps in assessment and management of security of information risk.

Analysis and Risk Management

Computers and new communication technologies have become vivid tools and daily essentials. They allow an entity, whether a business administration or a citizen, to achieve precise objectives and remain competitive. Achieving the goals set by the entity may require both the creation of a showcase of products available via the Web, the creation of a customer database, the implementation of e-government services on line or simply connect to the Internet. To achieve its objectives, the entity in question will provide the necessary resources and implement an appropriate solution to its needs and its resources. Although the planning and implementation tools in place are carried out very careful, there is always some probability that the entity fails in achieving its objectives.

This probability has a name: RISK. Many professional fields have long been familiar with this concept. There is talk of financial risk, operational risk, environmental risk, etc. Of course, new technologies are no exception to this notion: So here came the IT risks. Improve its security is managing risks to data and information, so it is maximize its chances of success and reduce the likelihood of failure. Unfortunately, we cannot hope to reduce the resultant of this equation (risk) to 0. In theory, it is always possible, but in practice it is too expensive. The rule is then Pareto law. "80% of IT risks can be ...