A STUDY ON INFORMATION SECURITY AND RISK MANAGEMENT IN I.T. ORGANIZATIONS

Information is the primary asset for any organization. The security to the information should be given utmost importance and reducing the risk of information compromise is a high priority.The importance that the organizations are paying towards information security risk has grown tremendously in the recent decades. A large number of risk assessment models have been proposed.The difference between these models lies in the different perspectives that each one focus on addressing the problems related to information security risk assessment. Some mode ls are generic which can be applied to any organization, while others are specific, not suitable for all the risks in information security. The aim of the study is to make comparison between information security risk assessment models in terms of their act ivities, inputs and outputs required. The result of the study will have major implication for the organizations in helping them identifying a suitable model for information security risk assessment based on their specific requirements. The study is a part of a major research work aimed at developing an information security risk assessment method for I.T organizations based on using data mining technique.