All organisations – like all individuals – are happy to accept a certain level of risk. If events are unlikely to occur or are unlikely to have much impact, then it makes sense to tolerate those risks rather than going to the expense and effort of treating them. But how can you determine the likelihood or effect of the information security risks you face?
Our free white paper, 5 Critical Steps to Successful Risk Assessments, outlines a five-step risk assessment plan that anyone can follow.
This blog, the third in a five-part series, summarises the third of those steps.
To find out more about this foolproof five-step approach, download your free copy of the white paper now.
Step 3: Analyse risks
Last time, we looked at identifying the risks to the information your organisation holds. The next step is to analyse them.
This is essential if you are to make practical and cost-effective decisions about how to respond to identified risks. For example, an unpatched operating system could have numerous vulnerabilities, all of which could be exploited by external threats.
For each of the events you identify, you will want to analyse the risk and assess the likelihood of each threat exploiting each individual vulnerability.
Useful risk assessment software comes with in-built lists of threats and vulnerabilities.
This removes the need for you to invest time and energy building your own database of threats and vulnerabilities, and should help accelerate and simplify the risk analysis.
You should also be able to analyse risks on the basis that your baseline security controls are in place and effective.
The information security risk assessment software tool vsRisk streamlines the risk assessment process and has been proven to save users huge amounts of time, effort and expense.
For more information on establishing a risk assessment framework, download your copy of 5 Critical Steps to Successful Risk Assessments now.