Chapter 4 Risk Management.pptx
1.
2. Learning Objectives:
Upon completion of this chapter you should be able to:
– Define risk management and its role in the SecSDLC
– Understand how risk is identified
– Assess risk based on the likelihood of occurrence and impact on an organization
– Grasp the fundamental aspects of documenting risk identification and assessment
3. Introduction
• Risk management involves three major processes: risk identification, risk assessment, and risk control
– Risk identification: the process of examining an organization’s current information technology security situation
– Risk assessment: the determination of the extent to which the organization’s information assets are exposed or at risk
– Risk control: applying controls to reduce risks to an organization’s data and information systems