Infosec
Security Management  

 
 

Assessing Security Risks

The security management cycle starts with an assessment of the security risks. Security Risk Assessment is done to identify what security measures are required. It is the initial step in evaluating and identifying the risks and consequences associated with vulnerabilities, and provides a basis for management to establish a cost-effective security program.

Based on the assessment results, appropriate security protection and safeguards should be implemented to maintain a secure protection framework. This includes developing security policies and guidelines, assigning security responsibilities and implementing technical security precautions and systems.

This step is followed by a cyclic compliance review and re-assessment, designed to provide assurance that security controls are put into place properly in order to meet users' security requirements, and to cope with rapid technological and environmental changes. This relies on continuous feedback and monitoring. The review can be undertaken through periodic security audits to identify what enhancements may be necessary.

By evaluating a list of considerations, you can identify what assets to protect, their relative importance, and each asset's priority ranking for urgency and required level of protection. The flow chart below shows the major steps in Security Risk Assessment.

[Flow chart: Security Risk Assessment Steps. Steps shown: Planning; Information Gathering; Risk Analysis; Vulnerability Scanners; Identifying & Selecting Safeguards; Implementation; Monitoring]

 
 
     