When researching and analyzing references for IT security, it is best to continue using a structured methodology. The categorization of security elements found in the risk assessment methodology provides us with a way to group and assess the key aspects of any security program. If, in fact, an information security program is founded on the essential risk management exemplar, it already possesses a process to define the primary categories: threats, vulnerabilities, assets, and safeguards. Additionally, the McCumber Cube methodology has structured the elements of the safeguards into technology, procedures, and human factors. With this starting point, you can more easily search and discover the many ...

Get Assessing and Managing Security Risk in IT Systems now with the O’Reilly learning platform.
