Reviewing the Risk Assessment for the IT Infrastructure

Once a risk assessment has been completed and approved, it can be reviewed against the IT infrastructure it covers. A risk assessment includes the following high-level steps:

  • Identify and evaluate relevant threats.
  • Identify and evaluate relevant vulnerabilities.
  • Identify and evaluate countermeasures.
  • Develop mitigating recommendations.

Next, management reviews the risk assessment. Management can approve, reject, or modify the recommendations. The management decisions are then documented and included in a plan of action and milestones document.

The next step translates the risk assessment into an actual risk mitigation plan. Before jumping into this, the risk assessment ...
