IT Examiner School eBook
Risk Acceptance
• Examples of risk acceptance: • Provide no active mitigation • Based on risk appetite and cost-benefit analysis • Sometimes acceptance is the only choice • Risk acceptance must include due diligence • Level of risk is always changing, and acceptance decisions need to be regularly reviewed.
53
Risk Assessment Process
Identify and value information assets
Identify potential internal/external threats and/or vulnerabilities
Assess likelihood & impact of threats/vulnerabilities
Risk Response (Accept, Transfer, Reduce, Ignore)
Assess sufficiency of risk control policies, procedures, information systems, etc.
Made with FlippingBook - Online magazine maker