

Risk management is a business process, and all business decisions should have a business development life cycle.
Risk management is a management responsibility: it must be supported by senior management, and the concept of ownership of assets must be established.
In pre-screening of critical assets, asset sensitivity must be established based on business, legal and contractual values for confidentiality, integrity and availability. This risk analysis process will determine which critical assets need to go through the risk assessment process.
Organizations use risk assessment to determine what threats exist to a specific asset and the associated risk.
The risk acceptance threshold will provide the organization with the information needed to select effective control measures or safeguards to lower the risks to an acceptable level.
Risk is a function of the probability that an identified threat will occur and the impact that threat will have on the asset.
Risk assessment should include the following primary steps:
* Critical asset sensitivity (impact analysis) level affecting business, contractual and legal impact
* Threats identified
* Vulnerabilities related to the threats
* Probability of occurrence that the specific threat will exploit the given vulnerability
* Impact of the loss if the specific threat exploits the given vulnerability
* Risk level identified
* Control recommendations based on risk acceptance
* Results documentation
How to Complete a Risk Assessment in 5 Days or Less
Tags: Risk Assessment, Security Risk Assessment, Tom Peltier