Introduction ◾ 11
© 2011 by Taylor & Francis Group, LLC
the security risk assessment team was able to “piggyback” through physical access
controls (e.g., trailing behind someone who has swiped a badge to open a door),
consider letting the organization’s employees know the results of those tasks. is
will increase their awareness that such breaches can actually occur and that it is
their responsibility to help enforce current policies.
e security risk assessment should conclude with a list of security risks to the
organization’s assets and an indication of the organization’s overall security posture.
ese results can be compared to the previous and future results to assist in tracking
the progress of the information security program. Orga