Common pitfalls in conducting risk assessment are

  • Controls in place are not explicitly stated as assumption
  • Lack of big picture

A holistic view on the target of evaluation (ToE) as well as its surrounding is vital. We should not just look at the ToE only. We need to think and assess

  • Risks due to compromised components around ToE
  • Similarly risks affecting them due to insecure ToE

Leave a Reply