ABSTRACT

A security risk assessment can mean many things to many people. Within the context of this book, a security risk assessment is defined as “an analysis of the effectiveness of the current administrative, physical, and technical controls that together protect an organization’s assets.” Various regulations, guidelines, and other information sources sometimes call the security risk assessment by another name. Terms used include security audit, risk assessment, security testing, and so on. At other times, the term “security risk assessment” is used to mean something different from what we describe in this book.