CHAPTER 11: IMPACT, INCLUDING ASSET VALUATION
Risk assessment involves identifying the potential business harm that might result from a risk coming to fruition. The way to do this is to assess the extent of the possible loss to the business for each potential concern. One objective of this exercise is to prioritise treatment (controls), and to do so in the context of the organisation’s acceptable risk threshold, so it makes sense to categorise possible loss in terms of the impact on the organisation if the risk occurs.
The successful exploitation of a vulnerability by a threat will have an impact on the asset’s confidentiality, integrity or availability. This may have consequences for the business, in terms of its actual operations, or from a compliance ...
Get Information Security Risk Management for ISO 27001/ISO 27002, third edition now with the O’Reilly learning platform.