Reasonable Security by Effective Risk Management Practices: From Theory to Practice

Abstract

In this period of grave uncertainty, organizations have to manage more and more complicated situations in an environment that is subject to massive and rapid evolution. A solely intuitive approach to risk management is no longer sufficient when considering the need to optimize investments concerning security. It is necessary to find the difficult balance between the cost of risks versus their reduction so as to ensure that organizations can realize their objectives in a reasonable and durable manner. The aim of this paper is to point out the strong need for information system’s owners and manager to rely upon effective risk analysis methodology for decision making related to efficient security measure in order to develop business performances. We present a methodological approach. A case study and return of experiences “ based on real life” are given to illustrate the applicability of it.