Chapter 3

Information Security Risk Assessment: Data Collection

Information in this chapter:

• The Sponsor

• The Project Team

• Data Collection Mechanisms

• Document Requests

• IT Asset Inventories

• Asset Scoping

• The Asset Profile Survey

• The Control Survey

• Survey Support Activities and Wrap-Up

• Consolidation

Introduction

The cornerstone of an effective information security risk assessment is data. Without data to support it, a risk assessment has very little value, and the assessment you perform can be construed as mere guesswork.

Data collection is by far the most rigorous and most encompassing activity in an information security risk assessment project. There are many factors that affect the success of the data collection ...

Get Information Security Risk Assessment Toolkit now with the O’Reilly learning platform.
