• Risk management is a business process and all the business decisions should have a business development life cycle
  • Risk management is a management responsibility, must be supported by senior management and that concept of Ownership of assets must be established
  • In Pre screening of critical assets, assets sensitivity must be established based on business, legal and contractual values for confidentiality, integrity and availability. this risk analysis process will determine which critical assets needs to go through the risk assessment process
  • Organizaions use risk assessment to determine what threats exist to a specific asset and the associated risk
  • The risk acceptance threshold will provide the organization with the information needed to select effective control measures or safeguards to lower the risks to an acceptable level
  • Risk is a function of the probability that an identified threat will occur and then the impact that threat will have on the asset
  • Risk Assessment should include the followings primary steps:
    * Critical Asset Sensitivity (impact analysis) level affecting business, contractual and legal imapct
    * Threats identified
    * Vulnerabilities related to the threats
    * Probablity of occurance that the specific threat will exploit the given vulnerability
    * Impact of the loss if the specific threat will exploit the given vulnerability
    * Risk level identified
    * Control recommendations based on risk acceptance
    * Results documentation

    How to Complete a Risk Assessment in 5 Days or Less