7 Elements of Information Security Risk Management

To prevent risk, we need to perform information security risk management, which consists of 7 main steps:

1. Identifying Assets – In the context of information security, assets are systems, services, and data essential for specific business processes and tasks.

2. Valuing Assets – After identifying the information assets, we need to value them. Asset valuation differs depending on the asset itself.

3. Threat Awareness – Threats to information security are actions that can cause unwanted consequences for your assets.

4. Understanding Vulnerabilities – A vulnerability is a weakness, either directly in an asset or in an organization’s IT infrastructure, that can be exploited.

5. Know Your Exposure – Exposure is the susceptibility of a particular vulnerability to being exploited by a threat within your IT infrastructure.

6. Measuring Risk – Risk is the likelihood that a given exposure will happen, leading to a negative outcome for your IT assets.

7. Implementing Safeguards – Implementing safeguards is the core of what many lay people think of as cybersecurity.

© Universiti Malaya
This article is from the free online

Introduction to Information Security Management

Created by
FutureLearn - Learning For Life
