A Reference Information Model to Information Security Service

Antonio Goncalves, Anacleto Correia, Marielba Zacarias


Despite the existence of an established body of knowledge, risk managers still struggle to find a suitable risk information model for use in the information security process. The purpose of this document is to capture the key concepts of information risk management. It covers all information and/or assets associated with the information that are used in the organization or that may have an impact on information security. When it comes to implementation, information security risk management is a challenging process, because risk factors change constantly, driven by rapidly changing technologies and the attacker's level of knowledge. The main aim of our approach is to set a baseline for defining the requirements for establishing, implementing, maintaining and continually improving an information security management system.




DOI: http://dx.doi.org/10.18803/capsi.v17.377-380
