Abstract :
Given the large number of information system security measures that exist, organisations find it more and more difficult to distinguish which measures should be granted priority in order to mitigate their information system risks. There are many questions. How do organisations know if the security measures present in their information systems are compatible? What are the steps that should be taken to increase the level of security? What can be done to better protect against incident or malicious activity? How can attacks, or incidents, be more easily discovered? What actions should be taken in the event of an attack? How can information systems be returned to normal operating activity following a disaster? To arrive at simple answers adapted to the context of the organisation, it is recommended that a rigorous approach be adopted. One can respond to these questions by developing a model. This information system security risk management cycle model assists organisations in differentiating among possible security measures to determine those that should be implemented.
