
Risk Management

Subject: Risk Management
Date: 18 Apr 2006 18:32:30 -0000
In your opinion, is there a difference between risk assessment and risk analysis?

What are the major differences between audit and risk management?

In my own words, audit is the process that compares current controls against 
governance or best practice to find areas that don't rise to standard and then 
recommend controls to address shortcomings. 

Risk management would be the process of assessing risk, deciding controls, 
implementing controls, and assessing effectiveness.  

In what category would you put Vulnerability Assessment / Penetration Testing?  
I would categorize it as part of audit but I may be wrong.

I need to clearly differentiate the two processes to management.  So any 
additions or subtractions would help me understand. 


Thanks,

Lee
