3 The GAO Report Information Security Risk Assessment identi

3. The GAO Report, Information Security Risk Assessment, identified three methods of conducting and documenting the assessment. These three methods were discussed in class. Using the information from the case study provided below identify the pertinent threats, vulnerabilities, and recommended countermeasures using one of the risk assessment methods from the GAO Report. (15 points) Case Study: Recently, the Department of Veteran’s Affairs reported that an employee took a laptop computer home that contained records of millions of veterans. The computer was stolen. You were hired as an outside consultant to conduct a risk assessment and present the results to the Department’s Chief Information Security Officer so she can prepare for a Congressional testimony

Solution

All essentials of the risk management sequence are main risk assessment present the base for further elements of the set. In risk assessments present a source for establish suitable policy and select price effective technique to apply this policy. Risks and threats modify more instances, it is essential that organization frequently reconsider risks the suitability and effectiveness of the policy and control they have chosen. This ongoing cycle of action, include risk assessment, is illustrate in the next description of the risk management cycle

Basic Elements of the Risk Assessment Process

Assessing Information Security Risks

Consistently assessing information security risks can be further hard then assess further kind of risks, since the information on the probability and expenses related with information security risk feature are a lot more incomplete and since risk thing are continually altering. Example