Risk assessment
1. Define the purpose and objectives of an IT risk assessment.
2. Align identified risks, threats, and vulnerabilities to an IT risk assessment that encompasses the seven domains of a typical IT infrastructure.
3. Classify identified risks, threats, and vulnerabilities according to a qualitative risk assessment template.
4. Prioritize classified risks, threats, and vulnerabilities according to the defined qualitative risk assessment scale.
5. Craft an executive summary that addresses the risk assessment findings, risk assessment impact, and recommendations to remediate areas of noncompliance.
9. Using the table from step 6, perform a qualitative risk assessment by assigning a risk impact/risk factor to each of the identified risks, threats, and vulnerabilities throughout the seven domains of a typical IT infrastructure where the risk, threat, or vulnerability resides.
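As an added example that is not part of the original assignment, the script below carries steps 2 to 4 and step 9 through in code: it aligns each risk item to one of the seven domains of a typical IT infrastructure, classifies it on a qualitative scale, assigns a risk factor from likelihood and impact, prioritizes the list, and produces the counts an executive summary would report. The three-level Low/Medium/High scale, the likelihood-by-impact matrix behind `risk_factor`, and the seven sample risk items are all assumptions constructed for this example, since the page does not define its own scale or table.

```python
"""Qualitative IT risk assessment helper (added example, not the assignment's own material).

Assumed qualitative scale for likelihood, impact and the resulting risk factor:
Low, Medium, High.  Assumed matrix: the product of the two ordinal ranks
(1..3 each) maps 1-2 -> Low, 3-4 -> Medium, 6-9 -> High, i.e.
Low x High = Medium, Medium x Medium = Medium, Medium x High = High.
"""
from collections import defaultdict
from dataclasses import dataclass

# The seven domains of a typical IT infrastructure.
SEVEN_DOMAINS = (
    "User", "Workstation", "LAN", "LAN-to-WAN", "WAN",
    "Remote Access", "System/Application",
)

# Ordinal ranks behind the assumed qualitative scale.
RANK = {"Low": 1, "Medium": 2, "High": 3}


@dataclass(frozen=True)
class RiskItem:
    description: str
    domain: str
    likelihood: str   # Low / Medium / High
    impact: str       # Low / Medium / High


@dataclass(frozen=True)
class AssessedRisk(RiskItem):
    factor: str       # resulting qualitative risk factor


def risk_factor(likelihood: str, impact: str) -> str:
    """Assumed likelihood x impact matrix, expressed via ordinal ranks."""
    score = RANK[likelihood] * RANK[impact]
    if score >= 6:
        return "High"
    if score >= 3:
        return "Medium"
    return "Low"


def assess(items) -> list:
    """Step 2 and step 9: align each item to a domain and assign its risk factor.

    Rejects unknown domains so nothing silently falls outside the seven."""
    assessed = []
    for item in items:
        if item.domain not in SEVEN_DOMAINS:
            raise ValueError(f"unknown domain {item.domain!r} for {item.description!r}")
        for level in (item.likelihood, item.impact):
            if level not in RANK:
                raise ValueError(f"unknown scale value {level!r} for {item.description!r}")
        assessed.append(AssessedRisk(
            item.description, item.domain, item.likelihood, item.impact,
            risk_factor(item.likelihood, item.impact)))
    return assessed


def prioritize(assessed) -> list:
    """Step 4: highest risk factor first, ties broken by impact, then likelihood."""
    return sorted(
        assessed,
        key=lambda r: (-RANK[r.factor], -RANK[r.impact], -RANK[r.likelihood], r.description),
    )


def by_domain(assessed) -> dict:
    """Group assessed risks by the domain where each resides."""
    grouped = defaultdict(list)
    for r in assessed:
        grouped[r.domain].append(r)
    return dict(grouped)


def summary_counts(assessed) -> dict:
    """Step 5 input: number of findings at each risk level for the executive summary."""
    counts = {"High": 0, "Medium": 0, "Low": 0}
    for r in assessed:
        counts[r.factor] += 1
    return counts


# Constructed sample risks (not from the assignment) spanning several domains.
SAMPLE_RISKS = [
    RiskItem("Remote VPN users authenticate with password only", "Remote Access", "Medium", "High"),
    RiskItem("Shared workstation left unlocked in reception area", "Workstation", "High", "Low"),
    RiskItem("Unpatched web application with SQL injection weakness", "System/Application", "Medium", "High"),
    RiskItem("Production backups are never test-restored", "System/Application", "Low", "High"),
    RiskItem("Staff reuse personal passwords on corporate accounts", "User", "High", "Medium"),
    RiskItem("Network printer firmware out of date", "LAN", "Low", "Low"),
    RiskItem("Single ISP link with no failover", "WAN", "Low", "Medium"),
]

if __name__ == "__main__":
    ranked = prioritize(assess(SAMPLE_RISKS))
    for r in ranked:
        print(f"{r.factor:6} {r.domain:19} {r.description}")
    print(summary_counts(ranked))
```

Running the script prints the prioritized table and the per-level counts; the High findings surface first, which is the order the executive summary and remediation recommendations should follow.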