**Acknowledgement**

**David R. Comings, Ph.D., CISSP, CRISC**, *Tenacity Solutions, Inc., United States of America*. Dr. Comings specializes in information security, risk management, and strategic planning, particularly for customers within the U.S. Government. Dr. Comings earned his doctorate at the University of Fairfax and his Master of Arts at the University of Pittsburgh.

**Wendy W. Ting, Ph.D., CISSP, CISM**, *Department of Defense, United States of America*. Dr. Ting specializes in performance metrics, cross-domain information-sharing solutions, information security and systems security engineering. Dr. Ting earned her doctorate at the University of Fairfax and her Master of Science at the University of Maryland.


**Table 4.** Component Values and Their Weightings

should be given to characteristic1, reviewing and updating the organization's risk management strategy.

**5. Conclusion**

The need to initially assess, and then conduct ongoing monitoring of, an organization's overall risk posture and the risk posture of its assets, processes, and systems has been clearly established. The more valuable the information, asset, activity, or operation, the greater the need to increase the frequency of monitoring activities to ensure these resources are not compromised, or to identify and respond to any compromises as quickly as possible. This chapter shows how the IA OM® metric herein described provides an enterprise-wide risk management metric that can integrate synergistically with other risk management tools and efforts within an organization to provide monitoring personnel and decision-makers with the timely, accurate, and useful information they need to perform their functions and ensure their organization's mission and business functions are protected. IA OM® not only provides a metric targeted to organizational senior management, but one that can be used by decision-makers at all levels in the organization to ensure the processes and assets they are responsible for are protected in a way that aligns with the risk management strategy of the organization.

**Author details**

David R. Comings
*Tenacity Solutions, Inc., United States of America*

Wendy W. Ting
*Department of Defense, United States of America*



**Chapter 11** 

© 2012 Dobrotă, licensee InTech. This is an open access chapter distributed under the terms of the Creative Commons Attribution License (http://creativecommons.org/licenses/by/3.0), which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

**Risk Management in Business – The Foundation of Performance in Economic Organizations**

Gabriela Dobrotă

Additional information is available at the end of the chapter

http://dx.doi.org/10.5772/50706

**1. Introduction**

A world marked by rapid changes in the economic, financial, political and social environment, a world ruled by uncertainty, is subject to the emergence of increasingly higher risks that affect the process of economic development of the world economy. The increasingly frequent occurrence of unforeseen events has generated high interest in research on risk identification, quantification and prevention at the microeconomic level. In this context, risk management can be considered the art of making decisions in an uncertain environment, against the background of the identification, quantification, analysis and management of the risks which affect an organization.

Why is active management of risk necessary? The globalization process, the interdependence between economies at the regional and global level, the problems arising from the need to ensure compatibility between legislative provisions, the effects of the free movement of labor, the highly dynamic macroeconomic context, the fierce competition among participants in the economic circuits, the limited nature of resources and the unlimited nature of needs, the need to adapt to technological changes, the challenges generated by climate change, the high degree of complexity of the factors which influence the economic and financial results of the business, and the diversity of international economic flows are just some of the aspects which support organized risk management: training the personnel for managing the activity, identifying the losses caused by the action of risk and ensuring the resources necessary to cover them, but also identifying and communicating risk, which requires the existence of a strong organizational culture oriented in this direction.

Risk has been defined in different ways over several decades, and the polemics continue today. But regardless of the angle of approach, of how the border between risk and uncertainty is defined, or of the management methods identified, one thing is certain: the existence


