Initial Risk Assessment Report

Conduct a Risk Assessment to identify the information system's:

  • Threat
  • Vulnerability/Weakness
  • Impact

Risk Assessment (RA) is conducted through:

  • Examination:
    • Review existing documents (policies, procedures, previous assessments, etc.)
    • Observation: observe the implementation of controls
    • Walkthrough: take a tour of a building to note security control implementation
  • Interview: system owner, system administrators, developers, etc.
  • Testing: test existing controls (test a failed login attempt)