Risk Management is the process of identifying, evaluating and responding to risks. Organizations must understand the risks involved and their potential impact. Good security measures involve a multi-layered process that protects networks, systems, assets, resources, and people. With an understanding of risk tolerance, organizations can prioritize policies, procedures and practices to meet their security needs.
A successful organization should have some of the following layers of security in place to protect its operations and minimize its risk exposure:
Physical security to address the issues necessary to protect the physical items or areas of an organization from unauthorized access and misuse.
Personnel security to address the protection of the individual or group that is authorized to access the organization’s information systems and assets.
Operations security to focus on the protection of the details of a particular operation or series of activities.
Communication security to protect the organization’s communication media, technology and content.
Network security to protect the networking components, connections and contents.
Information security to protect the confidentiality, integrity and availability of information and information systems.