Threat: A potential cause of an unwanted Incident, which may result in harm to a System or Organization.
Vulnerability: A vulnerability is a weakness of an asset or control that could potentially be exploited by one or more threats.
Risk: A combination of the probability of an Event and its Consequence.
Risk Assessment is the total sum… Continue reading “Threat, Risk and Vulnerability”
Tag Archives: risk
Risk Assessment and Audit Charter
Risk Assessment: The whole CISA exam works around the concepts of risk assessment methodology. ISACA expects aspirants to have deep knowledge of terms in risk assessment.
What is risk? A probability or threat of damage, injury, liability, loss or any other negative occurrence that is caused by external or internal vulnerabilities and that may be… Continue reading “Risk Assessment and Audit Charter”
Governance, Risk and Compliance
GRC is an acronym for Governance, Risk management and Compliance. The GRC of every organization is different and varies based on the type of organization. It depends on the organization's mission, size, industry, culture and legal regulations. The ultimate responsibility of a GRC program is to protect the organization's assets and operations, including its IT infrastructure and information.
Governance: It… Continue reading “Governance, Risk and Compliance”
Security and Risk Management
Information Security Management: Information security is the process of protecting information and information systems from the following: unauthorized disclosure, access and use; destruction; deletion; modification; disruption.
Factors that impact information security:
Technology: platforms and tools used; network connectivity; level of IT complexity; new or emerging security tools; operational support for security.
Business Plan and Environment… Continue reading “Security and Risk Management”
