Destruction of obsolete computer equipment

Theft of a smartphone from an office

Sanitization and reuse of a flash drive

Employee deletion of a file

Risk assessments are not always precise.

Reviewers can optimize and reduce the cost of controls

Risk assessments demonstrate the value of risk management to senior management

Business risk is subject to frequent change

an emerging vulnerability

a vulnerability event

an emerging threat

an environmental risk factor

Gap analysis

The current IT risk profile

The IT controls framework

Countermeasure analysis

Input from senior management

Previous security incidents

Threats that the enterprise faces

Results of the risk analysis

assess the likelihood of the incident occurring at the risk practitioner's enterprise

discontinue the use of the vulnerable technology

report to senior management that the enterprise is not affected

remind staff that no similar security breaches have taken place

strength of controls

likelihood and impact

current risk profiles

scenario root cause