Issue No. 03 - May/June (2009 vol. 11)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MITP.2009.62
Simon Liu , US National Library of Medicine
Rick Kuhn , US National Institute of Standards and Technology
Hart Rossman , SAIC
Risk assessment involves gathering and evaluating risk information so that enterprise stakeholders can make mitigation decisions. Once we identify the risks, we can rank the probability of each one's occurrence and its impact on the organization. Some risks are more likely to occur than others, and different risks can affect an organization in different ways, so a practical risk assessment can help ensure that enterprises identify the most significant risks and determine the best actions for mitigating them.
IT professional, security, risk, threats, vulnerability
H. Rossman, R. Kuhn and S. Liu, "Understanding Insecure IT: Practical Risk Assessment," in IT Professional, vol. 11, no. , pp. 57-59, 2009.