Reviewing the Risk Assessment for the IT Infrastructure
Once a risk assessment has been completed and approved, it can be reviewed for the IT infrastructure. A risk assessment includes the following high-level steps:
- Identify and evaluate relevant threats.
- Identify and evaluate relevant vulnerabilities.
- Identify and evaluate countermeasures.
- Develop mitigating recommendations.
Next, management reviews the risk assessment. Management can approve, reject, or modify the recommendations. The management decisions are then documented and included in a plan of action and milestones document.
The following step is for the purpose of translating the risk assessment into an actual risk mitigation plan. Before jumping into this, the risk assessment ...
Get Managing Risk in Information Systems, 3rd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.