One of the most important first steps in risk management and its implementation is risk assessment.
You are required to perform a risk assessment (RA) on one particular IT system of your choice. You
can follow either a qualitative or a quantitative method (select the methodology based on
assessment needs). Before progressing with the RA, you need to complete two preliminary
actions:
- Define the assessment.
- Review previous findings, if available.
Then start performing the risk assessment in detail, as explained to you during the
lectures (chapter 5 and chapter 6):
- Identify the management structure (optional).
- Identify assets and activities to address.
- Identify and evaluate relevant threats.
- Identify and evaluate relevant vulnerabilities.
- Identify and evaluate relevant countermeasures.
- Evaluate risks.
- Develop recommendations to mitigate risks.

