IT Examiner School, Seaside, CA
Risk Assessment Process
Identify and value sensitivity of information assets.
Identify potential internal/external threats and/or vulnerabilities.
Rank likelihood and impact of threats and/or vulnerabilities.
Assess sufficiency of risk control policies, procedures, information systems, etc.
Examples of Assets to be Protected
• Data
– Databases, files, email, backup media
• People
– Expertise, corporate memory
• Hardware
– CPU, routers, drives, keyboards
• Software
– OS, diagnostic software, application, source code
• Documentation
– Disclosure
• Supplies
– Media, ink, paper