Information Security Management Series: Risk Assessment

Are you wondering why a risk assessment is so important? Do you need more information about how to conduct a risk assessment? In this webinar, Joseph Kirkpatrick, the Founder and President of KirkpatrickPrice, and Gary Boardman, an Information Security Specialist at KirkpatrickPrice, will explain the importance of and steps for conducting a risk assessment.

Conducting a Risk Assessment

If it is your first time conducting a risk assessment, or if you are looking for a way to simplify your risk assessment process, follow these nine steps:

  1. Asset Characterization: Identify your organization’s assets such as hardware, software, human resources, data, and processes.
  2. Threat Identification: Detect either man-made or natural events that could take advantage of an asset’s flaws.
  3. Vulnerability Identification: Locate both known and unknown flaws or weaknesses in assets that could result in the loss of integrity, availability, or confidentiality.
  4. Control Analysis: Determine the current controls that have been used to mitigate potential threats or vulnerabilities and implement future controls.
  5. Likelihood Determination: Analyze the likelihood of a specific event having a negative effect on an asset.
  6. Impact Analysis: Identify what the impact on the business would be if an event had a negative effect on an asset.
  7. Risk Determination: Use the current analysis to determine whether the asset is material or non-material.
  8. Control Recommendation: Document the status of the protection of the asset.
  9. Results Documentation: Document the constraints on the remediation such as time, budget, and/or resources.

To learn more about risk assessments, download the full webinar. For more information about how you can complete a risk assessment or how KirkpatrickPrice can help you meet your risk assessment needs, contact us today.

