According to the international standard ISO 27001, which sets out the requirements of an ISMS (information security management system), repeated risk assessments must produce “consistent, valid and comparable results”.
However, conducting an information security risk assessment is a complex process that requires considerable planning, specialist knowledge and stakeholder buy-in to appropriately cover all people-, process- and technology-based risks. Without expert guidance, this can only be worked out through trial and error.
Our free white paper, 5 Critical Steps to Successful Risk Assessments, outlines a five-step risk assessment plan that anyone can follow.
This blog, the second in a five-part series, summarises the second of those steps.
To find out more about this foolproof five-step approach, download your free copy of the white paper now.
Step 2: Identify risks
Last time, we looked at establishing a risk assessment framework. The second step is to identify the risks to the information your organisation holds.
While this is a relatively straightforward activity, it is the most time-consuming part of the whole risk assessment process. Typically, your lead risk assessor works with risk and/or asset owners within the organisation to identify all the events that might compromise the confidentiality, integrity and/or availability of each of the assets that are within the scope of your ISMS. For each of these events, they then analyse the risk and determine the likely impact on the organisation.
Many people choose risk assessment software tools to ensure their risk assessments can address the organisation’s baseline security criteria, risk scale, risk appetite and chosen approach the same way every time.
Good risk assessment software should also enable multiple users to work on a shared risk assessment and its supporting database in a way that maintains data integrity and provides a robust audit trail.
The information security risk assessment software tool vsRisk streamlines the risk assessment process and has been proven to save users huge amounts of time, effort and expense.
For more information on establishing a risk assessment framework, download your copy of 5 Critical Steps to Successful Risk Assessments now.