IT Examiner School, Providence, RI

Risk Assessment Process

Identify and value sensitivity of information assets.

Identify potential internal/ external threats and/or vulnerabilities.

Rank likelihood and impact of threats and/or vulnerabilities.

Assess sufficiency of risk control policies, procedures, information systems, etc.

Inherent Risk >>> Residual Risk