Performing a Risk Assessment - Coggle Diagram
Performing a Risk Assessment
Selecting a risk assessment methodology
identifying assets and activities to be addressed
identifying and evaluating relevant threats
Identifying and evaluating relevant vulnerabilities
identifying and evaluating relevant controls
assessing threats, vulnerabilities and exploits
evaluating risks
developing recommendations to mitigate risks
presenting recommendations to management
preliminary actions
defining the assessment
reviewing previous findings
identifying the Management structure
Network infrastructure
User and computer management
email servers
web servers
database servers
Identifying assets and activities within risk assessment boundaries
system access and availability
system functions
hardware and software assets
personnel assets
data and information assets
facilities and supplies
Identify threats
Reviewing historical data
Performing threat modeling
Methodology based on assessment needs
quantitative
qualitative
Mitigating recommendations
threat/vulnerability pairs
estimate of cost and time to implement
estimate of operational impact
cost-benefit analysis
Best practices
ensuring systems are fully described
reviewing past audits
reviewing past risk assessments
matching risk assessment to the management structure
identifying assets within the risk assessment boundaries
identifying and evaluating relevant threats, vulnerabilities, controls
tracking the results