VA permits two principal assessment methods: the risk assessment method and the compliance assessment method.
- The risk assessment method is the original assessment method in the VA2 series. It is our more robust assessment method where both risks (inherent risks) and exposures (residual risks) are measured along two axes: likelihood and impact.
- The compliance assessment method only debuted in VA2.3. It was added to provide clients not yet ready to move into the risk assessment arena a simpler assessment method whereby they summarize the compliance of a group of controls to a standard or benchmark of control functioning.

Both methods are available in VA3.1 and both may be employed simultaneously. Further, an assessment made using one method may subsequently be changed to the other method. Follow the links at left to learn more about these two assessment methods.