Information Security Risk Analysis will allow any organization to implement risk management techniques that will prove to be cost effective. Using the PARA (Practical Application of Risk Analysis) process the book examines the qualitative risk analysis process and then provides tested variations on the methodology. The PARA process can be used by information security professionals, project managers, auditing, physical security, facilities management, or any organization that needs to determine what direction the organization must take on a specific issue.