The Role of Information Security in the Enterprise Risk Management Structure

Abstract

The purpose of this chapter is to discuss the role of information security business processes in supporting an enterprise view of risk management and to highlight how, working in harmony, the ERM and information security organizational components can provide measurable value to the enterprise people, technologies, processes, and mission. This chapter also briefly focuses on additional continuity process improvement techniques. If not already considered a part of the organization’s overall enterprise risk management (ERM) program, why should business information security professionals seriously pursue aligning their information security programs with ERM initiatives?