Abstract

The security of a company's information system (IS) is an important requirement for the pursuit of its business. Risk management contributes to the protection of the IS assets. It saves the organism from the losses caused by the emergence of unwanted events having an incidence on the IS objectives and consequently on its strategy. It has also an important role in the decision making about entering new opportunities. In addition, it promises an optimal allocation of information system resources. The risk management process aims to analyze what can happen and what are the eventual consequences for the organization before deciding what needs to be done and reducing the risks to an acceptable level. This paper presents a literature review of IS risk management and gives a comparative analyse of its processes, methods and standards.

This work is licensed under a Creative Commons Attribution 4.0 License.