2023 IT Examiner School

Internal Use Only

Types of Risk Assessments

Gramm-Leach-Bliley Act (GLBA) / Information Security

Business Continuity Planning

Audit

Authentication

Encryption, Awareness Training, etc.

Automated Clearing House (ACH)

Cybersecurity

Third Parties

Risk Assessment Methodologies

Quantitative

• Data Driven!
• Objective and accurate
• Realistic and measurable
• Requires data for analysis
• More complex = more time
• Data can be difficult to collect

Qualitative

• Based on Judgment
• Simple to implement
• Flexible, cover all business risks
• Quick to identify risks
• Subjective/Bias
• Delphi technique/expert opinions
• Decision trees
• Probability/Consequence
• Relies on organizational expertise
