Performing Risk Assessments

A risk assessment is a point-in-time evaluation. It looks at the current situation and attempts to determine what risks exist and how to address them. For example, you can perform a risk assessment to determine risks for e-mail servers in your organization. This assessment will examine current threats, system configuration, interconnectivity, the amount of e-mail processed, fault-tolerance capabilities, power and air conditioning requirements, and more. However, after the assessment is completed, any of these elements can change, affecting the results of the assessment.

imageEXAM TIP A risk assessment looks at risks at a ...

Get SSCP Systems Security Certified Practitioner All-in-One Exam Guide now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.