Overview

In order to create a business driven risk model, it is necessary to use a methodology that is based on the business. This may seem simplistic, but many of the risk processes and methodologies that are used in information security are technically based and only consider assets (e.g. a data file, floppy disk, tape file etc) - not the business - a sort of 'one size fits all' approach. This has little relevance to the business process and the typical 'threat, asset and vulnerability' evaluations to provide risks in such methodologies make little or no allowance for what the business actually does.

An Introduction To Information, Network and Internet Security
Overview In order to create a business driven risk model, it is necessary to use a methodology that is based on the business. This may seem simplistic, but many of the risk processes and methodologies that are used in information security are technically based and only consider assets (e.g. a data file, floppy disk, tape file etc) - not the business - a sort of 'one size fits all' approach. This has little relevance to the business process and the typical 'threat, asset and vulnerability' evaluations to provide risks in such methodologies make little or no allowance for what the business actually does.	The Security Practitioner An Introduction to Information Security
Return To An Introduction to Information Security