O'Reilly logo

Information Risk Management: A practitioner’s guide by Sutton, David

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

4 RISK IDENTIFICATION

The first stage of the risk assessment process is that of risk identification, the purpose of which is to determine the threats and hazards that could cause loss or damage to an information asset, to identify any vulnerabilities exhibited by the information asset and to determine the possible impact or consequences to the information asset.

Regardless of whether or not the risks identified fall within the remit of the organisation, they must be included in the assessment, even though the root cause may remain hidden.

Just to recap, an impact on an information asset is the result of a threat or hazard taking advantage of a vulnerability; the likelihood of the threat or hazard succeeding in this depends on the type of threat ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required