IT Examiner School, Palm Springs, CA

First page Table of contents Previous page 140 Next page Last page

Risk Assessment Goal

How does a risk assessment support the goal of an effective information security program?

InfoSec Risk Assessment Process

• The information security risk assessment process must:

– Gather data regarding the information and technology assets of the organization, threats to those assets, vulnerabilities, existing security controls and processes, and the current security standards and requirements (GLBA, NIST, ISO) – Analyze the probability and impact associated with the known threats and vulnerabilities to their assets – Prioritize the risks present due to threats and vulnerabilities to determine the appropriate level of training, controls, and assurance necessary for effective mitigation

Made with FlippingBook - professional solution for displaying marketing and sales documents online