The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments
The following are the common steps that should be taken to perform a security risk assessment. These are just basic common steps which should not be followed as is but modified based on organization assessment scope and business requirements.
• Identify the business needs [...]
Information Technology Control and Audit
The audit is utilized as a tool to check compliance control based on standards such as ISO 27002 or NIST 800-53 etc. Some other terms which are not sometime rigorous audit have been used to asses controls are gap analysis, benchmarking and control review.
Scoping sets the boundaries of the audit, where [...]
Last year the department of Health and Human Services (HHS) started penalizing healthcare organizations for security breaches and lack of security program. Healthcare stimulus bill says that HHS will post a breach of healthcare organization on their website. In both cases the intent is clear that HHS want to hold healthcare organizations accountable for security [...]
According to a study released by European Union ENISA, Small-to-Medium-Sized (SME) enterprises require extra guidance in assessment of IT security risks of their assets.
Agency also established that in the first implementation it is improbable that SME can utilize a risk assessment & risk management approach without external assistance and simplified information security approach was extremely [...]
