GSU Security Architecture & Design Organization Overall Risk Posture Discussion
When you deliver risk ratings for your organization, you must use the organization’s risk preferences instead of your own risk preferences. This is because risk assessment is for finding the organization’s risk tolerance and not your personal risk tolerance.
- What is the risk posture for each individual system as it contributes to the overall risk posture of the organization?
- How does each attack surface add up to a system’s particular risk posture? These include capabilities, methods and goals of any protections, particularly in the presence of an active threat agent.
- In addition, how do all the systems’ risk sum up to an organization’s computer security risk posture?