Defining an approach of how IT security risk is
managed should be seen as a fundamental task, which is the basis
of this research.
The objective of this paper is to propose an
approach for identifying, assessing and treating IT security risk
which incorporates a robust risk analysis and assessment process.
The risk analysis process aims to make use of a comprehensive IT
security risk universe which caters for the complex and dynamic
nature of IT security.