In today's competitive environment, concerns for security lie at the center of information systems at both organizational and technological levels. There exist various types of risk that business faces, which can include budgetary risk, safety risk, investment risk etc. However, security risk management is related to the operation as well as the use of information systems which is an important component of organizational risk and which the senior leaders address as part of their ongoing responsibilities of risk management (Locke, Gallagher, 2011, pp.1). So the issue of security risk management has become fundamental in companies as it helps them to identify and implement the requirements of security in a cost effective manner (Dubois, Heymens, Mayer, Matulevicius, 2010, pp. 289-306)
The process of risk management encompasses three processes (Stoneburner, Goguen, Feringa, 2002, pp.4) The first step is to establish the context in which nature of risk is identified, after which planning and mapping of risk objectives is evaluated. After the framework for risk assesment is developed, the analysis of risks which are invovlved in the process is formulated so that solutions of risks can be made possible. The second step is to identify the potential risks in the process. The potential risks could be identified with the source and problem analysis during the process. The last step is the assessment of risks that have been identified. They must be assessed so as to determine their impact or probability of its occurrence. Risk management and ethics is related to each other as they both share common grounds. As ethics give guiding principles between individuals to act in appropriate situation, or provide such guidelines that safeguard others from harm. In a similar maner, risk management is totally based on respect for the freedom and rights of others, that can safe them from preventable danger or harm. It provide with a set of procedures that provide freedom to individuals to act as they chose without restrictions (Head, 2005)
In today's globalized economies and changing environment for business, the concern for security risk management is becoming a strategic business concern. Since many years companies have much learced from the skills and expertise which are developed by employees who are involved in secuirty risk. So one of the major aims of today's business organizations is to protect and secure their information with no risks involved in their security process.