IT Examiner School
Question

What is the first step in developing an information security program’s risk assessment?

A. Identify threats
B. Identify assets
C. Identify controls
D. Assign residual risk
Risk Assessment Process - Overview

Information & value sensitivity of information assets
Identify potential internal/external threats and/or vulnerabilities
Assess likelihood & impact of threats/vulnerabilities
Assess sufficiency of risk control policies, procedures, information systems, etc.