I’m working on a Management report and need an explanation to help me study.

One of the most important first steps to risk management and implementing is risk assessment. You are required to perform a risk assessment on one particular IT system of your choice. You can either follow a qualitative or quantitative method (select the methodology based on assessment needs). Before progressing with the RA, you need to complete two preliminary actions:

Define the assessment.
Review previous findings if available.
Then start performing the risk assessment in detail as it has been explained to you during the lectures (chapter 5 and chapter 6):

Identify the management structure (optional)
Identify assets and activities to address.
Identify and evaluate relevant threats.
Identify and evaluate relevant vulnerabilities.
Identify and evaluate relevant countermeasures.
Evaluate risks.
Develop recommendations to mitigate risks.
