IT Examiner School, Seaside, CA

Risk Assessment Goal

How does a risk assessment support the goal of an effective information security program?

InfoSec Risk Assessment Process

• The information security risk assessment process must:

– Gather data regarding the information and technology assets of the organization, threats to those assets, vulnerabilities, existing security controls and processes, and the current security standards and requirements (GLBA, NIST, ISO)

– Analyze the probability and impact associated with the known threats and vulnerabilities to those assets

– Prioritize the risks present due to threats and vulnerabilities to determine the appropriate level of training, controls, and assurance necessary for effective mitigation
