IT Examiner School, Seaside, CA

First page Table of contents Previous page 145 Next page Last page

Risk Assessment Process

Identify and value

sensitivity of information

assets.

Identify potential internal/

external threats and/or

vulnerabilities.

Rank likelihood and impact

of threats and/or

vulnerabilities.

Assess sufficiency of risk

control policies,

procedures, information

systems, etc.

Inherent Risk >>> Residual Risk

Made with FlippingBook - Online catalogs