5 Data Gathering
One of the core phases of the security risk assessment project is the gathering of data on security controls within scope of the assessment. This phase involves the collection of evidence with respect to the security control existence and effectiveness within their existing environment and against the organizational security requirements. This phase of the security risk assessment is at the heart of the process and involves volumes of data, scores of activities, and many hours of effort. The data gathering phase is perhaps the most labor-intensive phase of the security risk assessment process and covers all of the organization’s security controls within the boundaries of the project.
The preparation for the data gathering phase ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access