Risks Management relating to Information Systems Security Treatment of IT Equipment Security Risks

This article is a natural sequel of the ideas presented in the first three articles from this series of articles referring to security risk management. All efforts of an organization to identify and assess the IT system assets, related vulnerabilities and threats and to assess the risk levels are done in order to reduce the risks and ensuring a proper security level in the organisation. This paper deals the adoption of risk treatment option, selection of optimum measures for reducing the risk to an acceptable level, criteria according to which the risk is treated and the limitations affecting the risk treatment options. Chapter 4 presents a fragment from a risk treatment plan prepared based upon the authors' own experience.