Peer Reviewed

Risk Assessment and Management of Information Assets

Assessing and managing the risks associated with IT and information assets are some of the most challenging tasks facing a Chief Information Officer or Chief Information Security Officer. Yet, with so many day-to-day pressures on time and resources, it is perhaps not surprising that it often does not get their full attention. However, with frequent reports of new vulnerabilities, hacking attacks and data breaches, it is an essential activity. This article explains what information security risk assessment and management is, and why it is necessary. It identifies some popular frameworks for carrying out an assessment and discusses their common features including identifying assets, threats and vulnerabilities, impact and likelihood. It summarises the process of undertaking a risk assessment and how the identified risks are subsequently managed and monitored. It also identifies some of the pitfalls and challenges that organisations may face and looks at ways of making the process meaningful to business.

Go to the profile of Stephen Hancock
Nov 10, 2016

Please sign in or register for FREE

Register to E&T Cyber Security Hub

E&T Cyber Security Hub brings together engineers and cyber security specialists to share practical know-how. With content created ‘by engineers, for engineers,’ it provides peer-reviewed technical information, real-world insights, lessons learnt and case studies, as well as tools for networking and knowledge-sharing, profiles of experts and the opportunity for companies to showcase their expertise.


No comments yet.