Managing Information Risk: A Director's Guide by Stewart Mitchell

CHAPTER 5: RISK ASSESSMENT

A risk assessment is essential in forming a clearer picture of how external and internal threats could affect your organisation, how severe and how likely those threats are, and how well your organisation is already prepared.

There are many possible processes for conducting a risk assessment, but a good starting point for directors is NIST's guidance in SP 800-30. The Institute identifies nine stages of the information risk assessment process, starting with a review of the existing or proposed system and ending with a commitment to monitor the system on an ongoing basis.

System characterisation

By defining the scope of the risk management process, directors and IT personnel can understand the boundaries ...
