Cis 560 dB 1
“Assessing Risks”
Access control starts first with assessing risks so you can properly identify potential threats and determine how to mitigate those risks.
- Your CIO has asked you to conduct a risk assessment on a newly acquired division that works on product development and has their own servers that will be joined into the existing network. Describe the steps you would take, including the areas you would assess and the reasoning for your approach. Would you use a qualitative or quantitative approach to this assessment? Justify your reasoning. Are there any external tools or websites that would be useful when conducting an assessment? Share your findings with your classmates and provide any links to any useful resources you find.
Additional post option: How do you determine who or what will assume liability for a risk?