5 Data Gathering

One of the core phases of the security risk assessment project is the gathering of data on the security controls within the scope of the assessment. This phase involves collecting evidence of the existence and effectiveness of the security controls, both within the organization's existing environment and against the organizational security requirements. It is at the heart of the security risk assessment process and involves volumes of data, scores of activities, and many hours of effort. The data gathering phase is perhaps the most labor-intensive phase of the process and covers all of the organization’s security controls within the boundaries of the project.

The preparation for the data gathering phase ...

Get The Security Risk Assessment Handbook, 3rd Edition now with the O’Reilly learning platform.