Chapter 4

Risk Profiling

Information in this Chapter

Introduction

If you think about your own organization, you can probably come up with a list of critical resources without much effort. You may or may not have formal criteria established to distinguish critical resources. Depending on the industry and business model of your organization, this may be an easy exercise. You probably think about the organization’s intellectual property or infrastructure that supports a core service. Whatever your criteria are, the idea is to categorize resources into levels of importance and use this information to prioritize your assessment efforts. In risk management, ...

Get Security Risk Management now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.