Abstract

Through the process of risk assessment, an organization works to ensure that the level of risk it takes on is appropriate for their organization. A risk assessor is responsible for working through this process. Different organizations use different frameworks for evaluating their risks, and though the risk assessor will need to become proficient in the framework of choice, the skills developed will be applicable to other frameworks as well. Risk can occur in many forms, and information security risk assessors are responsible for ensuring that the risks are documented and evaluated for organizational impact.