Information Security Risk Assessment: Practices of Leading Organizations

Report Length 50 pages
Report Type Reports and Testimonies
Report Date Nov. 1, 1999
Report No. AIMD-00-33
Summary:

Managing the risks stemming from the government's growing reliance on information technology is a continuing challenge. This guide is intended to help federal managers implement an ongoing information security risk assessment. GAO provides examples, or case studies, of practical risk assessment procedures that have been successfully adopted by four organizations -- a multinational oil company, a financial services firm, a regulatory organization, and a computer hardware and software company -- known for implementing good risk assessment practices. More importantly, GAO identifies, on the basis of these case studies, factors that are important to the success of any risk assessment program, regardless of the specific methodology used. The information in this guide supplements an earlier GAO document (GAO/AIMD-98-68, May 1999) that outlined five major elements of risk management and 16 related information security practices that GAO identified during a study of organizations with superior information security programs.