Anatomy of a Risk Assessment

by Jesse Valentin
Oct. 7, 2017 0 comments INFOSEC Institute Pen Testing & Audits

To an organization that is serious about security and wants to identify the most efficient way to invest in security solutions, a risk assessment is absolutely necessary. This is because a properly executed assessment is sort of like a physical exam for the enterprise. It gives you a baseline understanding of your current “health posture” and shows where you need to concentrate your efforts to improve that posture. Another great aspect of an assessment is that the findings you uncover can be revisited repeatedly until they are completely addressed. This provides you with a historical view of your organization’s security posture and can highlight the progress of your hard work to resolve any problems. This article will discuss a simple way to go about organizing your efforts, how to structure your assessment and identify the areas that need the most attention. So, what’s the first step in conducting a Risk Assessment?