INFORMATION SECURITY RISK ASSESSMENT: Practices of Leading Organizations. Exposure Draft

INFORMATION SECURITY RISK ASSESSMENT: Practices of Leading Organizations. Exposure Draft

Active / Technical Report | Accession Number: ADA391082 |

Abstract:

Managing the security risks associated with our governments growing reliance on information technology is a continuing challenge. In particular, federal agencies, like many private organizations, have struggled to find efficient ways to ensure that they fully understand the information security risks affecting their operations and implement appropriate controls to mitigate these risks. This guide, which we are initially issuing as an exposure draft, is intended to help federal managers implement an ongoing information security risk assessment process by providing examples, or case studies, of practical risk assessment procedures that have been successfully adopted by four organizations known for their efforts to implement good risk assessment practices. More importantly, it identifies, based on the case studies, factors that are important to the success of any risk assessment program, regardless of the specific methodology employed.

Author(s):

No Author(s) Identified

Author Organization(s):

GENERAL ACCOUNTING OFFICE WASHINGTON DC ACCOUNTING AND INFORMATION MANAGEMENT DIV

Pagination:

0052

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution:

Approved For Public Release

RECORD

Collection: TR

Identifying Numbers

Report Number(s):

GAO/AIMD-99-139

Monitor Series:

GAO/AIMD

Subject Terms

Joint Capability Areas:

JCA_5_Command and Control; JCA_5.3_Planning; JCA_2_Battlespace Awareness; JCA_2.1_Planning and Direction; JCA_2.1.4_Evaluation; JCA_5.3.2_Apply Situational Understanding; JCA_5.3.4_Develop Courses of Action; JCA_5.3.5_Analyze Courses of Action; JCA_5.3.3_Develop Strategy; JCA_8_Building Partnerships; JCA_8.2_Shape; JCA_8.2.4_Leverage Capacities and Capabilities of Security Establishments; JCA_6.4.1_Secure Information Exchange; JCA_6_Net Centric; JCA_6.4_Information Assurance; JCA_5.6_Monitor; JCA_4.7.2_Installation Services; JCA_4.7_Base and Installations Support; JCA_3.2_Engagement; JCA_3_Force Application; JCA_3.2.2_Non-Kinetic Means

Communities of Interest:

Cyber

Descriptor(s):

*INFORMATION SECURITY, UNITED STATES GOVERNMENT, INFORMATION SYSTEMS, DATA PROCESSING SECURITY, CASE STUDIES, RISK ANALYSIS

Field(s)/Group(s):

Computer Systems Management and Standards

Keyword(s):

IATAC, COLLECTION, GAO REPORTS, EXPOSURE DRAFT

Report Date:

1999 Aug 01

Creation Date:

2001 Jun 27