Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31.0 $31.0
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, books, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

1 Author(s)

Risk management is a cornerstone component of a sound security governance program. The foundation of risk management is determining what needs protection, which is why establishing an asset inventory is fundamental. This chapter provides detailed guidance on constructing such an inventory and how to capture vulnerabilities, availability needs, and risk attributes for assets. The captured vulnerabilities, availability needs, and risk attribute information can then be used to establish the need for additional security controls, both procedural and technical. Also addressed at this point is the prioritizing of risks and the decision-making process as to which new controls should be deployed/implemented over time. The chapter then considers how new controls are acquired, that is, built in-house or purchased. Also discussed are procurement issues and finally consideration of new controls testing.