Information Security Risk Assessment: Practices of Leading Organizations
AIMD-00-33 Published: Nov 01, 1999. Publicly Released: Nov 01, 1999.
Skip to Highlights
This document is a supplement to GAO's May 1998 executive guide on information security management. It is intended to help federal managers implement an ongoing information security risk assessment process by providing examples, or case studies, of practical risk assessment procedures that have been successfully adopted by four organizations known for their efforts to implement good risk assessment practices.