IT Examiner School eBook

Question What is the first step in developing a risk assessment? A. Identify threats B. Identify assets C. Identify vulnerabilities D. Identify risk

Risk Assessment Process

Identify and value information assets

Identify potential internal/external threats and/or vulnerabilities

Assess likelihood & impact of threats/vulnerabilities

Risk Response (Accept, Transfer, Reduce, Ignore)

Assess sufficiency of risk control policies, procedures, information systems, etc.