IT Examiner School - Oct 2023

Risk Assessment Process

Identify and value information assets

Identify potential internal/external threats and/or vulnerabilities

Assess likelihood & impact of threats/vulnerabilities

Risk Response (Accept, Transfer, Reduce, Ignore)

Assess sufficiency of risk control policies, procedures, information systems, etc.

Identifying Assets

Electronic (Network maps, hardware/software, systems, databases, computers, media)

Paper-Based (Policies, reports, contracts, financial records)

Outsourcing arrangements

Cloud computing

Intangible Assets
