CHAPTER

6

Performing a Risk Assessment

THERE ARE SEVERAL STEPS TO TAKE when performing a risk assessment. You start by clearly defining what you will assess. This involves describing the system. You then collect data to identify threats and vulnerabilities. These threats and vulnerabilities help you identify the risks.

Then identify countermeasures or controls that can mitigate the risks. Evaluate in-place and planned controls. Finally, evaluate and recommend additional controls. You can support these recommendations with a cost-benefit analysis.

Chapter 6 Topics

This chapter covers the following topics and concepts:

  What to consider when selecting a risk assessment methodology

  How to identify the management structure

  How ...

Get Managing Risk in Information Systems, 2nd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.