IT Examiner School - Oct 2023
Risk Assessment Process
Identify and value Information assets
Identify potential internal/external threats and/or vulnerabilities
Assess likelihood & impact of threats/vulnerabilities
Risk Response (Accept, Transfer, Reduce, Ignore)
Assess sufficiency of risk control policies, procedures, information systems, etc.
Security Definitions Risk Assessment
Threat: Danger to security
Vulnerability: Deficiency that provides opportunity for threat
Risk: Likelihood of threat taking advantage of vulnerability