
39
© 2011 by Taylor & Francis Group, LLC
Chapter 3
Project Definition
A security risk assessment can mean many things to many people. Within the
context of this book, a security risk assessment is dened as an objective analysis of
the eectiveness of the current security controls that protect an organization’s assets
and a determination of the probability of losses to those assets. Various regulations,
guidelines, and other information sources sometimes call the security risk assess-
ment by another name. Terms used include security audit, risk assessment, security
testing, and so on. Other times, security risk assessment is used to mean someth ...