Skip to main content

Information Security Risk Assessment: Practices of Leading Organizations

AIMD-00-33 Published: Nov 01, 1999. Publicly Released: Nov 01, 1999.
Jump To:
Skip to Highlights


This document is a supplement to GAO's May 1998 executive guide on information security management. It is intended to help federal managers implement an ongoing information security risk assessment process by providing examples, or case studies, of practical risk assessment procedures that have been successfully adopted by four organizations known for their efforts to implement good risk assessment practices.

Full Report

Office of Public Affairs


Best practicesBest practices reviewsComputer securityData integrityInformation resources managementInformation security managementInformation technologyInternal controlsRisk managementRisk assessment