What is the Difference Between a Computer Security Review and a Computer Security Risk Analysis?
A computer security risk analysis is the process of evaluating the business need for security, determining the appropriate levels of computer security controls, and checking whether they have been met. A computer security review is the process of examining computer security controls against a fixed standard, such as a set of computer security standards.

A computer security review would be performed in a situation where:

Risks have already been evaluated and the appropriate levels of computer security controls determined, and the requirement is to check whether controls are still at the appropriate level; or

A computer security controls improvement project has been completed, and the requirement is to check whether controls have reached the appropriate level.