IT Examiner School

Countermeasure/Risk Relationship

Risk

Threat

Vulnerability

Leads To

Exploits

Damages

Affects

Exposure

Asset

Mitigated by

Countermeasure

Causing

57

Risk Analysis/Assessment The risk assessment must effectively Gather/Identify: • Data regarding the information and technology assets of the organization • Threats to those assets • Vulnerabilities • Existing security controls & processes • Current security standards and requirements

58