Risk Identification Techniques

Risk and losses were presented earlier in this chapter. Risk is the likelihood or probability that something unexpected is going to occur. Some risks lead to losses. Losses occur when a threat exposes a vulnerability and harms an asset. To identify risks, these three steps need to be followed:

  1. Identifying threats
  2. Identifying vulnerabilities
  3. Estimating the likelihood of a threat exploiting a vulnerability to harm an asset

The following sections explore these concepts.

Identifying Threats

A threat is any circumstance or event with the potential to cause a loss. Said another way, it is any activity that represents a possible danger. The loss or danger is directly related to one of the following:

  • Loss of confidentiality ...
