Issue No. 03 - May/June (2009 vol. 11)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MITP.2009.62
Hart Rossman , SAIC
Rick Kuhn , US National Institute of Standards and Technology
Simon Liu , US National Library of Medicine
Risk assessment involves gathering and evaluating risk information so that enterprise stakeholders can make mitigation decisions. Once we identify the risks, we can rank the probability of each one's occurrence and its impact on the organization. Some risks are more likely to occur than others, and different risks can affect an organization in different ways, so a practical risk assessment can help ensure that enterprises identify the most significant risks and determine the best actions for mitigating them.
IT professional, security, risk, threats, vulnerability
Hart Rossman, Rick Kuhn, Simon Liu, "Understanding Insecure IT: Practical Risk Assessment", IT Professional, vol. 11, no. , pp. 57-59, May/June 2009, doi:10.1109/MITP.2009.62