Issue No.03 - May/June (2009 vol.11)
Rick Kuhn , US National Institute of Standards and Technology
Simon Liu , US National Library of Medicine
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MITP.2009.62
Risk assessment involves gathering and evaluating risk information so that enterprise stakeholders can make mitigation decisions. Once we identify the risks, we can rank the probability of each one's occurrence and its impact on the organization. Some risks are more likely to occur than others, and different risks can affect an organization in different ways, so a practical risk assessment can help ensure that enterprises identify the most significant risks and determine the best actions for mitigating them.
IT professional, security, risk, threats, vulnerability
Rick Kuhn, Simon Liu, "Understanding Insecure IT: Practical Risk Assessment", IT Professional, vol.11, no. 3, pp. 57-59, May/June 2009, doi:10.1109/MITP.2009.62