Chapter 6

Information Security Risk Assessment: Risk Prioritization and Treatment

Information in this chapter:

• Organizational Risk Prioritization and Treatment

• System Specific Risk Prioritization and Treatment

• Issues Register

Introduction

In this chapter, we will consolidate and summarize the risks based on the organizational and system-specific risks that we identified in the processes outlined in the previous chapter. Although it is a separate activity, the practitioner should treat this process as a sub-process of the overall risk analysis process. This part of the risk assessment process focuses on compiling all of the analysis conducted and presenting it in a structured manner. In fact, the deliverables created after following this process ...
