AR 380-19 Information Systems Security


Chapter 5
Risk Management

5-1. Risk management overview

5-2. Risk management methodology

5-3. Risk assessment

5-4. Management decision to implement countermeasures

5-5. Control implementation

An effectively applied risk analysis must lead to a series of interrelated countermeasures to be implemented according to a plan approved by the commander or DAA. Because of the potential risk resulting from growing dependence upon TAIS, the commander or DAA must always participate in this process.

5-6. Effectiveness review

Organizational and operational dynamics demand continuing review of the effectiveness of security controls. Because of the diversity of TAIS environments and the relative newness of the ISS discipline, commanders must be assured that controls are providing the desired results. This review is an important process in documenting security techniques and ensuring that a technique has not created a more serious vulnerability or risk. The collective effectiveness of applied countermeasures is the basis for future security actions and assists in identifying problem areas and additional security requirements.

5-7. Application of risk analysis