The same does apply to security metrics such that these metrics establish the performance within the organization and the effectiveness of the organization's security.

The purpose of Risk Analysis is to spot and find security risks in the current framework and to resolve the risk exposure identified by the risk analysis. The type of security risk assessment for an organization is a function of a number of available assessments. However, the most important security protocol is to protect the organizations assets. Therefore, the most important security risk assessment for this purpose is the penetration testing proceeded by the vulnerability scan (Landoll, 2006). Protection of assets is of primary concern. Assets include both physical and non-physical assets. Non-physical assets are defined as assets that are not tangible. The Security Audit is indeed imperative, as is the Ad Hoc testing and Social Engineering test.

Annotated Bibliography

Campbell, G. (2010, What's state-of-the-art in...
[ View Full Essay]