Business Management and Strategy

Security risks associated with networked enterprise systems is a topic that has become increasingly significant in recent years. Risks to computer systems can be anything from defacing a corporate website to sabotaging a metropolitan electricity distribution system, and anything in between. Information security risk management is the process used to identify and understand risks to the confidentiality, integrity, and availability of information and information systems. The scope of this paper is to review the current literature on risk management and the processes that allow IT managers to balance the operational and economic costs of protective measures, as well as, achieve gains in mission capability by protecting the IT systems and data that support their organizations’ missions. Literature suggests that developing a well-planned business continuity plan should be a matter of highest priority for all businesses, regardless of size, structure or function. What is crucial is to minimize risk by developing a high standard security system, while business leaders need to have it high on their agenda and do their best to ensure the overall organization’s safety.