CAB240 Lecture Notes - Lecture 3: Information Security, Expected Loss, Systems Analysis
Document Summary
Why manage information security: the use of mobile devices, email, external services, portable storage, etc. makes it necessary to manage information assets to avoid potential risk. We also use the internet regularly for searching, maps, social networking, weather, banking, etc., which brings about the same need for this management. Lots of regular activities put our information assets at risk.

You don't have unlimited resources, so making tradeoffs is necessary: you can't afford to protect all assets against possible threats. Some level of risk is involved, so this is basically a risk management exercise.

Risk: exposure to danger, the possibility of something unpleasant occurring, a person or thing regarded as a threat, etc.

Risk: "effect of uncertainty on objectives", usually considered in terms of potential events. Effect of an event: a deviation from the normal state, which may be positive and/or negative. Aspects to consider: information security; may apply at different levels (organisational, project, product, process).

Information security risk is expressed in terms of consequences and likelihood: