IT Examiner School eBook

Risk Assessment Process

Identify and value information assets

Identify potential internal/external threats and/or vulnerabilities

Assess likelihood & impact of threats/vulnerabilities

Risk Response (Accept, Transfer, Reduce, Ignore)

Assess sufficiency of risk control policies, procedures, information systems, etc.

Security Definitions Risk Assessment

Threat

Vulnerability

Risk

Deficiency that provides opportunity for threat

Likelihood of a threat taking advantage of a vulnerability

Danger to security
