A business approach to effective information technology risk analysis and management
Suggests that a number of difficulties are experienced by organizations using conventional risk analysis and management. "Conventional" refers to those methodologies which are based on the traditional asset/threat/vulnerability model. Identifies a need for an approach that is more suitable for smaller organizations, as well as organizations requiring a quicker, more simplified and less resource-intensive approach. In light of this requirement, proposes an alternative approach to effective information technology (IT) risk analysis and management. This approach has a business-oriented focus from an IT perspective.