 Information security risk management terminology and key conceptsMichael Schmidt ()
Risk Management, 2023, vol. 25, issue 1, No 2, 23 pages Abstract: Abstract Language is the foundation for any communication and the vocabulary used has a decisive influence on the ability of the communication partners to clearly understand each other. In Information Security Risk Management (ISRM), the terminology used is often dictated by industry standards and frameworks. However, there is no universally accepted terminology, which makes collaboration difficult for professionals and researchers alike. This publication compares the terminology defined by frequently used frameworks, such as ISO and NIST, in the field of ISRM. It examines the terms and inherent concepts of each terminology, compares the notion of risk and derives a concept diagram based on the most important key concepts. The result facilitates a common understanding of ISRM across frameworks and organisational boundaries, thus enables further research, discussion, intra- and inter-firm communication. Keywords: Risk management; Information security; Terminology; Terms; Concepts; Frameworks (search for similar items in EconPapers) Downloads: (external link) Related works: Export reference: BibTeX RIS (EndNote, ProCite, RefMan) HTML/Text Persistent link: https://EconPapers.repec.org/RePEc:pal:risman:v:25:y:2023:i:1:d:10.1057_s41283-022-00108-8 Ordering information: This journal article can be ordered from DOI: 10.1057/s41283-022-00108-8 Access Statistics for this article Risk Management is currently edited by Igor Loncarski More articles in Risk Management from Palgrave Macmillan |
Is your work missing from RePEc? Here is how to contribute.
Questions or problems? Check the EconPapers FAQ or send mail to .
EconPapers is hosted by the
School of Business at Örebro University.