Al_S
asked on
How to structure an overall security risk assessment?
Hi,
I was just asked to conduct an overall, not a detailed, IS security risk assessment. I'm looking for some references in risk asessment and reporting (not risk mitigation). This includes establishing risk and impact criteria / definitions (e.g., "High" means ...), a way to assess, prioritize and report risks, etc.
I've done detailed risk assessments and security analysis, so I'm comfortable with the detailed aspect. I'm more looking for advise on how to structure and frame the detailed results and high-level observations into a management framework My audience is CIO level at 10,000 employee firm.
I plan to look at the CERT and CISSP sites. Any other suggestions for places to pick up ideas?
Thank you!
Al
I was just asked to conduct an overall, not a detailed, IS security risk assessment. I'm looking for some references in risk asessment and reporting (not risk mitigation). This includes establishing risk and impact criteria / definitions (e.g., "High" means ...), a way to assess, prioritize and report risks, etc.
I've done detailed risk assessments and security analysis, so I'm comfortable with the detailed aspect. I'm more looking for advise on how to structure and frame the detailed results and high-level observations into a management framework My audience is CIO level at 10,000 employee firm.
I plan to look at the CERT and CISSP sites. Any other suggestions for places to pick up ideas?
Thank you!
Al
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I will leave the following recommendation for this question in the Cleanup topic area:
SPLIT: chris_calabrese{7988788} & spreston{7988928}
Please leave any comments here within the next seven days.
PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!
zenlion420
EE Page Editor