How to handle requirements for risk assessment methodologies

Over time, the information security/risk management profession has developed a variety of methods for assessing risk within an organization. These methods often reflect the conditions and objectives of the organization being assessed (as understood by the assessor), the prevailing practices within the profession at the time, the experience and knowledge level of the assessor(s), as well as any bias or agenda the assessor(s) might bring to the table. Another important factor that has often played a role is the definition of “risk” as used within the methodology. As a result of these variables, risk assessment results have varied widely in terms of consistency, accuracy, and utility to management. This Guide seeks to identify and articulate the characteristics that make up effective risk assessment methodologies, thus providing a standard set of guidelines for risk assessment methodologies.

24 Oct 2011
25 Nov 2010
28 Page(s)
White Paper