Guest
Measurement of the absolute risk
Hi friends,
Could you help me with the following question please:
To measure the absolute risk, is necessary to evaluate the asset without protections neither controls of any kind, or it is measure with the protections or controls implemented currently on the asset?
Which would be the best approach and why? Which you use and recommend?
Thank so much
Best regards.
Assign topic to the user
To evaluate the risk, you should take in consideration the security controls that exist in the organization for each asset. This approach is more real and more closer to the reality of your business, because considers the current controls. If not, you will have a point of view that not reflects the reality. So, our recommendation is the first approach, I mean, that you consider current security controls.
Comment as guest or Sign in
Jan 12, 2016
Jan 12, 2016
Jan 12, 2016