Business harm
5. Likelihood
6. Third party risk analysis
7. Assessments
a. Statutory requirements
b. Contractual requirements
160 Manage Software Testing
c. Business practices
d. System deployment
e. Business system development
f. Business planning
g. Business procedure
h. Security controls
i. Security methods
j. Plan
k. Personnel security
l. Authority
m. Security management
n. Documentation security management
o. Data security management
p. Security incident management
q. System development security
r. User access management
s. Media security management
t. Network security management
u. PC, terminal, and mainframe security management
v. Other hardware security
8.16.4 The Existing Countermeasures Section
1. The major security measures currently in use or in the process of being installed.
2. The threat(s) and risk(s) each countermeasure is intended to address.
8.16.5 The Proposed Countermeasures Section
1. A prioritized list of recommended protective measures or safeguards and their costs.
2. A cost-benefit analysis of each countermeasure.
3. The degree of risk acceptance or the remaining exposure after implementation of the recommended
protective measure.
4. The effect of implementing technical and procedural protective measures in terms of their effect
on the security of information assets.
5. The relationship of recommended safeguards to existing threats, information assets, and risks.