Information Security Risk Management in the European Union

Abstract

Currently the organization's risk management covers a wider range of risks, especially operational risks, reputation risks to the organization, and more recently, strategic risks. Moreover, within a growing number of organizations, responsibilities associated with risk management are assumed by the top management, which generally coordinates the teams of specialists directly responsible for monitoring the risks and the risk handling measures. This chapter focuses on how to implement an approach to reduce the identified risks to the information conveyed through computer systems and communications. In additional, it presents EU regulations relevant to the analysis and risk management information security.