Information Security Risk Assessment Methods, Frameworks and Guidelines

by Michael Haythorn
Oct. 2, 2017 1 comment Infosecwriters Management

Assessing risk is a fundamental responsibility of information security professionals. The basic need to provide products or services creates a requirement to have assets. With assets comes the need to protect them from the potential for loss. Conducting a risk assessment is an essential step for organizations to ensure that proper controls are in place to protect assets that are critical to business functions. Risk assessment can be a very complex task, one that requires multiple methodologies and resources to perform quantitative and qualitative analysis based on factual evidence as well as subjective opinion. Ultimately, the organization bears the responsibility for accurate analysis and control measures.

http://www.infosecwriters.com/Papers/MHaythorn_Risk_Frameworks_guidelines.pdf

Irina Alexandra Negrii 2 months ago

Many regulations and virtually all security frameworks require some objective assessment of risks. This paper came just in time.
