ABSTRACT

A security risk assessment can mean many things to many people. Within the context of this book, a security risk assessment is defined as an objective analysis of the effectiveness of the current security controls that protect an organization’s assets and a determination of the probability of losses to those assets. Various regulations, guidelines, and other information sources sometimes call the security risk assessment by another name. Terms used include security audit, risk assessment, security testing, and so on. Other times, security risk assessment is used to mean something different from what is described in this book.