Chapter 2

Information Security Risk Assessment: A Practical Approach

Information in this chapter:

• A Primer on Information Security Risk Assessment Frameworks

• Hybrid Risk Assessment Approach


There has been quite a bit written about information security risk assessments. In fact, there are numerous published information security risk assessment frameworks and numerous books about the subject that are currently in circulation. But with so many frameworks to choose from why do organizations continue to struggle with the concept?

It can easily be stated that theory is not the problem with risk assessments. For the most part, risk assessment frameworks are based on the foundational concept of risk as was discussed in Chapter 1. The real ...

Get Information Security Risk Assessment Toolkit now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.