CISSP in 21 Days by M. L. Srinivasan

Risk assessment and management

The dictionary defines risk as to "expose to a chance of loss or damage". An organization faces many types of risk in its day-to-day business functions.

To understand risk, one needs to properly understand assets, threats, and vulnerabilities.

Risk has to be understood from the following perspectives:

  • Risk to What? Risks are generally to assets. (See the next paragraph on assets, which categorizes them and gives examples.)
  • Risk from What? A risk can be from many threat sources such as earthquakes, floods, hackers, fires, viruses, disgruntled employees, and so on.
  • Risk of What? There is damage when an asset is compromised by a threat. The damage can be monetary loss, image ...
