Information Technology Sector Baseline Risk Assessment   [open pdf - 3MB]

"Threats to the IT Sector are complex and varied. In addition to the risks presented by natural hazards-such as catastrophic weather or seismic events-the IT Sector also faces threats from criminals, hackers, terrorists, and nation-states, all of whom have demonstrated a varying degree of capabilities and intentions to attack critical IT Sector functions. Additionally, manmade threats to the IT Sector are also rapidly evolving from simple automated worms and viruses to complex social engineering attacks that exploit known and unknown vulnerabilities in products and services developed by the IT Sector. While existing security and response capabilities mitigate many of these threats, the IT Sector still faces Sector-wide risks to its ability to provide hardware, software, and services to other CIKR sectors. Due to the IT Sector's high degree of interdependency with other CIKR sectors and the continuously evolving threat landscape, assessing vulnerabilities and estimating consequence is difficult. Therefore, these issues must be dealt with in a collaborative and flexible framework that enables the public and private sectors to enhance the resiliency and security of the critical IT Sector functions. The IT Sector Baseline Risk Assessment evaluates risk to the IT Sector and focuses on critical IT Sector functions. The assessment methodology is not intended to be guidance for individual entities' risk management activities. Instead, the IT Sector's Baseline Risk Assessment is intended to provide an all-hazards risk profile that IT Sector partners can use to inform resource allocation for research and development and other protective program measures to enhance the security and resiliency of the critical IT Sector functions."

Public Domain
Retrieved From:
United States Department of Homeland Security: http://www.dhs.gov/
Media Type:
Help with citations