Issue No.03 - May/June (2009 vol.11)
Simon Liu , US National Library of Medicine
Rick Kuhn , US National Institute of Standards and Technology
Hart Rossman , SAIC
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MITP.2009.62
Risk assessment involves gathering and evaluating risk information so that enterprise stakeholders can make mitigation decisions. Once we identify the risks, we can rank the probability of each one's occurrence and its impact on the organization. Some risks are more likely to occur than others, and different risks can affect an organization in different ways, so a practical risk assessment can help ensure that enterprises identify the most significant risks and determine the best actions for mitigating them.
IT professional, security, risk, threats, vulnerability
Simon Liu, Rick Kuhn, Hart Rossman, "Understanding Insecure IT: Practical Risk Assessment", IT Professional, vol.11, no. 3, pp. 57-59, May/June 2009, doi:10.1109/MITP.2009.62