5 THREAT AND VULNERABILITY ASSESSMENT

In 2002, US Secretary of State Donald Rumsfeld said the following during a briefing:

There are known knowns; there are things that we know that we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns, the ones we don’t know we don’t know.

This is partly true of threats, but very true of vulnerabilities.

CONDUCTING THREAT ASSESSMENTS

Some experts believe that the threat and vulnerability assessments should be carried out ahead of the impact assessments; others disagree and opt for the reverse arrangement.

The author believes that, in practice, either method will suffice as long as the information assets have been clearly ...
