Posts

Showing posts from November, 2022

Risk Assessment

Risk assessment is the process of assessing security-related risks to an organization’s computers and networks from both internal and external threats. Such threats can prevent an organization from meeting its key business objectives. The goal of risk assessment is to identify which investments of time and resources will best protect the organization from its most likely and serious threats. Steps of general security risk assessment - Identify the set of IT assets about which the organization is most concerned. Priority is typically given to those assets that support the organization’s mission and the meeting of its primary business goals. - Identify the loss events or the risks or threats that could occur, such as a distributed denial-of-service attack or insider fraud. - Assess frequency of events or the likelihood of each potential threat; some threats, such as insider fraud, are more likely to occur than others. - Determine the impact of each threat occurring. Would the thr...