WorldCIS-2013: Keynote speaker 1

Summary form only given. This presentation discusses Risk-based Information Security as the follow-on to a checklist, compliance-based approach to information security. The presentation begins with an overview of the principles of information security and then covers risk concepts and risk management, including risk assessment, ratings and loss calculations. Next, the discussion turns to the two different information security approaches and the current methodologies to follow while using a risk-based approach. I provide a contrast and comparison of the methodologies and conclude by providing some useful takeaways for those in attendance to begin using immediately.