Summary

Risk assessment is the process of evaluating and cataloging the threats, vulnerabilities, and weaknesses that exist in the systems being used. The risk assessment should tie in with BCP to ensure that all bases are covered.

Security models begin with an understanding of the business issues an organization is facing. The following business issues must be evaluated:

  • Policies
  • Standards
  • Guidelines

A good policy design includes scope statements, overview statements, accountability expectations, and exceptions. Each of these aspects of a well-crafted policy helps set expectations for everyone in a company. For a policy to be effective, it needs the unequivocal support of senior management or decision makers in an organization.
