ABSTRACT

There are many security risk assessment methods available and currently in use. Depending on the specific one employed, a security risk assessment may have any number of steps or phases, and each of these phases may have slightly different names. This chapter briefly discusses these phases. Although the calculation and presentation of these risks can vary greatly, depending on the security risk assessment method being used, three key components exist in nearly all industry-accepted methods: assets, threats, and vulnerabilities. Each of these key components used to determine security risk is discussed in greater detail. The chapter considers the selection and recommendation of security controls, or safeguards, to be put in place to protect the organization’s assets from the derived security risk. Administrative security controls include controls that require technical skills such as risk assessments, security testing, and code review.