Evaluation Of A Risk Assessment To Test The Security Level Of Our Current IT Environment
The purpose of this risk assessment is to test the security level of our current IT environment and to provide a baseline for future analysis and for comparison with later security tests. The assessment identifies risks, threats and vulnerabilities, and the safeguard measures against them.
The scope of this assessment covers any device connected to the network that may allow unauthorized data access and so compromise the confidentiality, integrity and availability of proprietary or personal information.
This risk assessment was conducted using the methodology and approach set out in the guidelines in NIST SP 800-30, Risk Management Guide for Information Technology Systems (NIST SP). The assessment is broad in scope and evaluates security vulnerabilities affecting confidentiality, integrity, and availability. It recommends appropriate security safeguards, permitting management to make knowledge-based decisions about security-related initiatives. The methodology addresses the following types of controls:
• Management Controls: Management of the information technology (IT) security system and the management and acceptance of risk
• Operational Controls: Security methods focusing on mechanisms implemented and executed primarily by people (as opposed to systems), including all aspects of physical security, media safeguards, and inventory controls
• Technical Controls: Hardware and software controls providing automated protection to the system or applications…