Chapter 3
Information Security Risk Assessment: Data Collection
Information in this chapter:
• The Sponsor
• The Project Team
• Data Collection Mechanisms
• Document Requests
• IT Asset Inventories
• Asset Scoping
• The Asset Profile Survey
• The Control Survey
• Survey Support Activities and Wrap-Up
• Consolidation
Introduction
The cornerstone of an effective information security risk assessment is data. Without data to support an assessment there is very little value to the risk assessment and the assessment you perform can be construed as mere guesswork.
Data collection is by far the most rigorous and most encompassing activity in an information security risk assessment project. There are many factors that affect the success of the data collection ...
Get Information Security Risk Assessment Toolkit now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.