O'Reilly logo

Managing Risk in Information Systems by Darril Gibson

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 6. Performing a Risk Assessment

THERE ARE SEVERAL STEPS TO TAKE when performing a risk assessment. You start by clearly defining what you will assess. This involves describing the system. You then collect data to identify threats and vulnerabilities. These threats and vulnerabilities help you identify the risks.

Then identify countermeasures or controls that can mitigate the risks. Evaluate in-place and planned controls. Finally, evaluate and recommend additional controls. You can support these recommendations with a cost-benefit analysis.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required