Security risk analysis and management

The management system of informational security is a part of the management system of an organization, that approaches the management of risk from the point of view of the involved information, approach that is used in order to set, to implement, to function, to monitor, to revise, to maintain and to improve the informational security at the organizational level, referring to the progress of the processes required by the management of risk in order to guarantee the security of the information. The appreciation of the efficiency of the security system represents a difficult problem and it contains many elements of subjectiveness, because the analysis of the security risks of information implies using some interviewing techniques based on questionnaires provided by experts in security, that in most of the cases come from outside the organization. This study does not analyse the risk concept, it focuses more on the analysis and the risk management on the practical part using AHP method. Managing the risk and the security requirements are connected by a set of practices and management tools generally used in order to manage the security risk of information. It is essential that the tool and the model used should reflect the objective needs of the organization from the point of view of the management of risk.