Week 8. Risk Assessment.
Risk identification begins with the process of self-examination. At this stage, managers identify the organization's information assets, classify and categorize them into useful groups, and prioritize them by their overall importance.
This can be a daunting task, but it must be done to identify weaknesses and the threats they present.
The risk identification process consists of the following steps:
- Plan and Organize Process
- Create system component categories
- Develop Inventory of Assets - Identify Threats
- Specify Vulnerable Assets
- Assign Value or Impact Rating to Assets
- Assess Likelihood for Vulnerabilities
- Calculate Relative Risk Factor for Assets
- Preliminary Review of Possible Controls
- Document Findings
Anyone who needs to audit the security risk assessment has to check the list below and make sure every item listed has the asset item ID, impact ratio value, vulnerability, and risk rate for the mitigation.
That information has to include people, procedures, data, software, hardware and networking elements for classifying and categorizing assets in the organization's risk management program.
The classification worksheet is a useful reference to the information collected and helps in assessing a value for an asset.
The auditor also needs the weighted factor analysis worksheet, which lists the assets in order of importance.
Another worksheet is the TVA (Threats-Vulnerabilities-Assets) worksheet, which prepares for the addition of vulnerability and control information during risk assessment.