ABSTRACT
There are as many different styles and types of risk analysis as there are enterprises trying to run them. In the 2003 Computer Security Institute’s
Buyer’s Guide
there were 26 different ads for risk analysis products, software, and consulting services. The organizations that are most satisfied with their risk analysis process are those that have defined a relatively simple process that can be adapted to various business units and involve a mix of individuals with knowledge of business operations and technical aspects of the systems or resources being analyzed.
