Information Security Risk Assessment Methods, Frameworks and Guidelines
Contributed by Michael Haythorn
Assessing risk is a fundamental responsibility of information security professionals. The basic need to provide products or services creates a requirement to have assets. With assets comes the need protect them from the potential for loss. Conducting a risk assessment is an essential step for organizations in order to ensure than proper controls are in place to protect assets that are critical to business functions. Risk assessment can be a very complex task, one that requires multiple methodologies and resources to perform quantitative and qualitative analysis based on factual evidence as well as subjective opinion. Ultimately the organization bears the responsibility for accurate analysis and control measures.
This document is in PDF format. To view it click here.