Chapter 3

Information Security Risk Assessment: Data Collection

Information in this chapter:

• The Sponsor

• The Project Team

• Data Collection Mechanisms

• Document Requests

• IT Asset Inventories

• Asset Scoping

• The Asset Profile Survey

• The Control Survey

• Survey Support Activities and Wrap-Up

• Consolidation


The cornerstone of an effective information security risk assessment is data. Without data to support it, a risk assessment has very little value, and the assessment you perform can be construed as mere guesswork.

Data collection is by far the most rigorous and most encompassing activity in an information security risk assessment project. There are many factors that affect the success of the data collection ...
