Information Security Risk Assessment
Practices of Leading Organizations (Exposure Draft)
GAO ID: AIMD-99-139
August 1, 1999

Because of its growing reliance on information technology, the government faces the continuing challenge of addressing computer security risks. This guide is intended to help federal managers implement an ongoing information security risk-assessment process by providing case studies of practical risk-assessment procedures that have been successfully adopted by four organizations--a multinational oil company, a financial services firm, a regulatory agency, and a computer company--known for their efforts to implement good risk-assessment practices. More importantly, GAO identifies factors that are important to the success of any risk-assessment program, regardless of the methodology used.