IT Examiner School eBook

Risk Assessment Process

Identify and value information assets

Identify potential internal/external threats and/or vulnerabilities

Assess likelihood & impact of threats/vulnerabilities

Risk Response (Accept, Transfer, Reduce, Ignore)

Assess sufficiency of risk control policies, procedures, information systems, etc.

Risk Mitigation: Controls

• Risk response is achieved using controls.

• Control types: administrative, technical, physical.

• Safeguards: deterrent or preventive controls.

• Countermeasures: detective or corrective controls.

• Controls must have specific objectives associated with them.

• Controls must be measurable.

50
