Assessing risk

Assessing risk begins with baselining: establishing the current state in order to reach the desired state. Progress is measured by meeting milestones and objectives, i.e. a maturing process. For example, the capability maturity model has the following framework:

  1. Initial – informal
  2. Documented Strategy & Principles – formalizing
  3. Adaptive Security Architecture – well defined
  4. Security Organization & Roadmap – optimized
  5. Baseline Security Standards – quantitatively controlled

Give examples of risk at the level of each of these categories, and explain how each level mitigates risks from the previous level.
