Common pitfalls in conducting a risk assessment are:
- Controls already in place are not explicitly stated as assumptions
- Lack of big picture
A holistic view of the target of evaluation (ToE) and its surroundings is vital. We should not look at the ToE alone. We also need to consider and assess:
- Risks due to compromised components around the ToE
- Similarly, risks affecting those components due to an insecure ToE