CHAPTER 5: RISK ASSESSMENT

A risk assessment is essential in forming a clearer picture of how external and internal threats could affect your organisation, how severe and how likely those threats are, and how well prepared your organisation already is to withstand them.

There are many possible processes for conducting a risk assessment, but a good starting point for directors is NIST's guidance in SP 800-30. The original (2002) edition of that publication identifies nine steps in the information risk assessment process, starting with a characterisation of the existing or proposed system and ending with documentation of the results; the later Revision 1 regroups the same activities into four steps (prepare, conduct, communicate, maintain), with the final step making clear that the assessment is to be kept current on an ongoing basis rather than performed once.

System characterisation

By defining the scope of the risk management process, directors and IT personnel can understand the boundaries ...
