November 2008
Intermediate to advanced
444 pages
13h 38m
English
Content preview from How to Complete a Risk Assessment in 5 Days or Less
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
399
Appendix M
Control Lists
Overview
For years I have worked to establish a sample list of threats that could be used by risk
management professionals to expedite the risk assessment process. A few years ago
when I was doing a class in Brazil a student gave me a URL that has helped the threat
identification process. A German organization, IT-Grundschutz, has established two
important lists for the risk management professional. e first set was discussed in
Appendix G; that list focused on threats. is time, IT-Grundschutz — an orga-
nization that aims to achieve a security level for IT systems that is reasonable and
adequate to satisfy normal pro ...