Take a sneak peek at the new NIST.gov and let us know what you think!
(Please note: some content may not be complete on the beta site.).
NIST Authors in Bold
|Author(s):||Simon Liu; David R. Kuhn; Hart Rossman;|
|Title:||Understanding Insecure IT: Practical Risk Assessment|
|Published:||May 27, 2009|
|Abstract:||IT systems have long been at risk from vulnerable software, malicious actions, or inadvertent user errors, in addition to run-of-the-mill natural and human-made disasters. As we discussed in the last issue ( Surviving Insecure IT: Effective Patch Management, pp. 49 51), effective patch management is essential for shoring up security vulnerabilities, but we ll still never witness perfect patch management and risk-free IT systems. Risk assessment is therefore critical for identifying, analyzing, and prioritizing IT security risks. Risk assessment involves gathering and evaluating risk information so that enterprise stakeholders can make mitigation decisions. Once we identify the risks, we can rank the probability of each one s occurrence and its impact on the organization. Some risks are more likely to occur than others, and different risks can affect an organization in different ways, so a practical risk assessment can help ensure that enterprises identify the most significant risks and determine the best actions for mitigating them.|
|Citation:||IT Professional (IEEE)|
|Pages:||pp. 57 - 59|
|Keywords:||information security, risk assessment, risk management|
|Research Areas:||Information Technology|
|DOI:||http://dx.doi.org/10.1109/MITP.2009.62 (Note: May link to a non-U.S. Government webpage)|
|PDF version:||Click here to retrieve PDF version of paper (44KB)|