4 RISK IDENTIFICATION

The first stage of the risk assessment process is risk identification. Its purpose is to determine the threats and hazards that could cause loss or damage to an information asset, to identify any vulnerabilities exhibited by the information asset, and to determine the possible impact or consequences to the information asset.

Regardless of whether or not the risks identified fall within the remit of the organisation, they must be included in the assessment, even though the root cause may remain hidden.

Just to recap, an impact on an information asset is the result of a threat or hazard taking advantage of a vulnerability; the likelihood of the threat or hazard succeeding in this depends on the type of threat ...

Get Information Risk Management: A practitioner’s guide now with the O’Reilly learning platform.