2023 IT Examiner School
Risk Assessment Process
Identify and value information assets
Identify potential internal/external threats and/or vulnerabilities
Assess likelihood & impact of threats/vulnerabilities
Risk Response (Accept, Transfer, Reduce, Ignore)
Assess sufficiency of risk control policies, procedures, information systems, etc.
Security Definitions Risk Assessment
Threat
Vulnerability
Risk
Deficiency that provides opportunity for threat
Likelihood of a threat taking advantage of a vulnerability
Danger to security