Selecting a Risk Assessment Methodology

Once the decision has been made to perform a risk assessment, an outline needs to be created to guide the process and define the specific steps to take. A risk assessment isn’t a project decided on one day and completed the next; it takes time and planning.

The two primary types of risk assessment approaches are quantitative and qualitative. This chapter helps to paint the overall picture of both approaches. In general, a risk assessment involves the following steps:

  • Identifying assets and activities to be addressed
  • Identifying and evaluating relevant threats
  • Identifying and evaluating relevant vulnerabilities
  • Identifying and evaluating relevant controls
  • Assessing threats, vulnerabilities, ...

Source: Managing Risk in Information Systems, 3rd Edition (O’Reilly learning platform).