INFORMATION SECURITY RISK ASSESSMENT: Practices of Leading Organizations. Exposure Draft

Abstract

Managing the security risks associated with our government's growing reliance on information technology is a continuing challenge. In particular, federal agencies, like many private organizations, have struggled to find efficient ways to ensure that they fully understand the information security risks affecting their operations and implement appropriate controls to mitigate these risks. This guide, which we are initially issuing as an exposure draft, is intended to help federal managers implement an ongoing information security risk assessment process by providing examples, or case studies, of practical risk assessment procedures that have been successfully adopted by four organizations known for their efforts to implement good risk assessment practices. More importantly, it identifies, based on the case studies, factors that are important to the success of any risk assessment program, regardless of the specific methodology employed.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Aug 01, 1999
Accession Number
ADA391082

Entities

Organizations

  • United States Government Accountability Office

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Authentication
  • Business Administration
  • Case Studies
  • Computer Access Control
  • Electronic Mail
  • Geographic Regions
  • Information Operations
  • Information Processing
  • Information Security
  • Information Systems
  • Risk
  • Risk Analysis
  • Risk Management
  • Security
  • Systems Engineering
  • Unauthorized Disclosure
  • Vulnerability

Fields of Study

  • Computer science

Readers

  • Aviation Safety Risk Assessment.
  • Cybersecurity.
  • Joint Military Operations and Doctrine.