Information Security Management Series: Risk Assessment

by Sarah Harvey / July 11th, 2014

Are you wondering why a risk assessment is so important? Do you need more information about how to conduct a risk assessment? If it is your first time conducting a risk assessment, or if you are looking for a way to simplify your risk assessment process, follow these nine steps:

1. Asset Characterization: Identify your organization’s assets such as hardware, software, human resources, data, and processes.
2. Threat Identification: Detect either man-made or natural events that could take advantage of an asset’s flaws.
3. Vulnerability Identification: Locate both known and unknown flaws or weaknesses in assets that could result in the loss of integrity, availability, or confidentiality.
4. Control Analysis: Determine the current controls that have been used to mitigate potential threats or vulnerabilities and implement future controls.
5. Likelihood Determination: Analyze the likelihood of a specific event having a negative effect on an asset.
6. Impact Analysis: Identify what the impact would be on business if an event has a negative effect on an asset.
7. Risk Determination: Use the current analysis to determine whether the asset is material or non-material.
8. Control Recommendation: Document the status of the protection of the asset.
9. Results Documentation: Document the constraints on the remediation such as time, budget, and/or resources.

For more information about how you can complete a risk assessment or how KirkpatrickPrice can help you meet your risk assessment needs, contact us today.