![](\"http:\/\/themocracy.com\/wp-content\/uploads\/2016\/07\/Risk-Management-696x450.jpg\")
<\/p>\n<\/p>\n
Michelle Yasuwito<\/strong><\/p>\n 2101701235<\/strong><\/p>\n Sumber Gambar : http:\/\/themocracy.com\/an-introduction-to-risk-management-information-systems\/<\/p>\n <\/p>\n If you search the term information risk management<\/em> (IRM) on Google, you\u2019ll likely come up with many lengthy explanations and definitions. And while you can learn more about IRM by searching the terms \u201cNIST\u201d and \u201c800-53,\u201d many of the definitions you\u2019ll come across are either too vague, or they focus entirely on theory instead of practice. In response, we\u2019ve taken a crack at a simple, yet sufficient working definition: Information risk management (IRM): The policies, procedures, and technology one adopts in order to reduce the threats, vulnerabilities, and consequences that could arise if data is not protected.<\/em><\/p>\n When the average person thinks about a threat, they tend to envision hackers and those with malicious intent from outside an organization attempting to steal data or valuable information through physical or cyber means. This is considered an intentional<\/em> threat. But it\u2019s important to understand that threats to an organization\u2019s information can be both intentional and unintentional<\/em>. An unintentional threat might be an employee who doesn\u2019t handle data properly or an IT manager that is careless with an organization\u2019s IT infrastructure. It could also be a security flaw that allows a break-in to take place.<\/p>\n Information risk management examines this classic equation for risk:<\/p>\n