DISC InfoSec blog

By Bob Violino, CSO
Assessing and managing risk is a high priority for many organizations, and given the turbulent state of information security vulnerabilities and the need to be compliant with so many regulations, it’s a huge challenge.
Several formal IT risk-assessment frameworks have emerged over the years to help guide security and risk executives [...]

Image by Adam Melancon via Flickr
The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments
Definition – A risk assessment framework (RAF) is a strategy for prioritizing and sharing information about the security risks to an information technology (IT) infrastructure.
A good RAF organizes and presents information in a way that both technical [...]