At its core, the purpose of a risk assessment is to identify and evaluate risks that could have a negative impact on an organization. Depending on the methodology used, it can help management understand that impact in terms of cost to the organization or the severity of a potential loss. The goal is to provide sound recommendations, based on the assessment's findings, that help maintain data confidentiality, integrity and availability while preserving functionality and usability. Based on the results, management can make more informed decisions about which resources to protect and how to protect them, and can understand the potential costs and impact of doing so. Once the purpose of the risk assessment is understood, the next step is defining its scope.
Defining the scope of a risk assessment is one of its most important steps. The scope sets the boundaries and parameters of the assessment so that it stays within budget and the desired timeframe. It identifies the required resources, the systems and applications to be assessed and protected, and the level