Abstract:

The globalization imposed a re-assessment of the security concepts, reconsideration and extension of the responsibilities in the field of information security. Organizations are continuously confronted with complex threats to information they handle and to the information systems they administer. The information security risk management emerged as an efficient and comprehensive procedure that complements the overall management of almost all aspects of our lives. Managers in very diverse types of organizations, with different missions, all incorporate risk assessment in their decision-making processes. At present, more and more managers in industry and government organizations are allocating a large part of their resources to the task of improving their understanding and approach to risk-based decision-making. The study revolves around the premises that information systems going through a systematic risk assessment and management process and associated decision-making steps would attain significantly better the information security objectives than systems that do not. The paper provides an overview of the theoretical approaches to information security risk management, as an essential step in developing effective information security systems. The article aims at advancing the current theories in order to develop adapted methods for different types of organizations.