Understanding IT Risk Assessment

The probability of an unexpected, adverse business outcome when a specific threat or malicious actor exploits an information system vulnerability.

The cost associated with purchasing hardware.

The process of implementing new software solutions.

The ability to predict future technology trends.

ISO 20000

COBIT Framework

ITIL Service Management

NIST Risk Management Framework (RMF)

Confidentiality, Integrity, Accountability

Confidentiality, Integrity, Authenticity

Confidentiality, Integrity, Accessibility

Confidentiality, Integrity, Availability

Subjective risk evaluation

Statistical risk analysis

Quantitative risk assessment

Qualitative risk assessment

Subjective judgment and expert opinions.

Historical data and trend analysis.

Mathematical calculations and algorithms.

Statistical analysis and data modeling.

Dilute

Transfer

Reduction

Accept

ITIL v3

ISO/IEC 27005

NIST SP 800-53

COBIT 5

True

False

True

False

Mandatory Training and awareness on InfoSec Policy

Send emails

Thinking that people would know, they do not do mistakes

Inform one person to inform another person not to do mistakes