IT Examiner School, Seaside, CA

Risk Assessment Process

Identify and value sensitivity of information assets.

Identify potential internal/external threats and/or vulnerabilities.

Rank likelihood and impact of threats and/or vulnerabilities.

Assess sufficiency of risk control policies, procedures, information systems, etc.

Examples of Assets to be Protected

• Data

– Databases, files, email, backup media

• People

– Expertise, corporate memory

• Hardware

– CPU, routers, drives, keyboards

• Software

– OS, diagnostic software, application, source code

• Documentation

– Disclosure

• Supplies

– Media, ink, paper
