IT Examiner School, Providence, RI

Risk Assessment Process

Identify and value sensitivity of information assets.

Identify potential internal/external threats and/or vulnerabilities.

Rank likelihood and impact of threats and/or vulnerabilities.

Assess sufficiency of risk control policies, procedures, information systems, etc.

Examples of Assets to be Protected

• People – Expertise, corporate memory
• Hardware – CPU, routers, drives, keyboards
• Software – OS, diagnostic software, application, source code
• Data – Databases, files, email, backup media
• Documentation – Disclosure
• Supplies – Media, ink, paper
