Chapter 4

Information Security Risk Assessment: Data Analysis

Information in this chapter:

• Introduction

• Compiling Observations from Organizational Risk Documents

• Preparation of Threat and Vulnerability Catalogs

• Overview of the System Risk Computation

• Designing the Impact Analysis Scheme

• Designing the Control Analysis Scheme

• Designing the Likelihood Analysis Scheme

• Putting it Together and the Final Risk Score


In the scope of the overall information security risk assessment project, data analysis is the phase where we start trying to make sense of the collected data. In this phase our focus is on consolidating all of the information that we have gathered through the previous data collection activities. We will then display ...

Get Information Security Risk Assessment Toolkit now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.