Security Audit and Assessment

Risk assessments is an integral part of managing risks. Organizations need to develop procedures to ensure that this aspect of their information security program is not neglected. Procedures should be implemented to help ensure that these risks are periodically discussed and understood and that the most significant risks are identified and addressed.

With the increased reliance on networked computer systems in recent years it has accentuated serious and real vulnerabilities that should prompt organizations to bolster their efforts to assess information security risks.

The critical success factors, methods and tools, and benefits are illustrated in the following diagram.

 

Visio Diagram