Abstract
This chapter is intended as an informal reference guide for information security personnel involved in making risk management decisions for computing systems, and for the personnel who support those decisions through design, analysis, policy development, or implementation. Its scope is introductory information on basic risk and risk management concepts as they apply to information systems (i.e., the combination of hardware, software, operating systems, personnel, policy, physical location, and the supporting operations, maintenance, and logistics that provide the information services necessary to support operational missions). It is not a comprehensive treatment of the subject; however, information and cyber security professionals will hopefully find it a useful common reference, both in support of the remaining chapters in this book and when asked to participate in critical risk management decisions.