|
Yes there is a difference. The scope of e-business risk management
is much wider and inclusive than the scope of traditional information
security. While info security narrowly focuses on protection and
integrity of information assets, e-business risk management addresses
the much broader issues that affect e-business survivability. Info
security is, in fact, a subset of e-business risk management - a very
important subset, but a subset nonetheless.
The main distinction is how define the term ?asset?: Info security
addresses threats to the ?information? or ?computing? asset; e-business
risk management addresses threats to the ?stakeholder relationship? or
?organizational? asset. When you define the protected asset as
?stakeholder relationships?, strategic risk issues such as insurance,
outsourcing decisions, legal liability, personnel practices and
corporate reputation tend to force considerations that are generally
overlooked by traditional info security practices.
|
