Security Risk Analysis ◾ 375
© 2011 by Taylor & Francis Group, LLC
provides its own approach for consolidating and presenting this information (see
Table9.5).
9.3 Team Review of Security Risk Statements
Because of the large amount of data generally compiled during the data-gathering
stage, it is a good idea for the security risk assessment team to divide up the task of
creating security risk statements. Generally, the statements can be divided up along
the areas of study, that is, administrative, physical, and technical. Further division
can be accomplished by subdividing the technical areas according to systems or
subgroups of the systems.
Team members should work alone or in small groups (e.g., two people) to cre-
ate the security risk s