7.3 Risk Assessment Overview
To this point in this chapter, we have reviewed and expanded on many of the concepts we presented in the first part of this text. Hopefully the picture is starting to come together. Now, let’s start to transition into some of the administrative and procedural issues, beginning with risk assessments.
Recall that threats can come from both internal and external sources, and they are inextricably linked to vulnerabilities inherent within any given system and exposures of those vulnerabilities to a threatening agent. As indicated before, risk is the chance (or probability) of something undesirable happening to individuals or the organization. The concept of risk exists in the realm of uncertainty and occurs with a vulnerability, ...
Get Information Security Management, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
