These are the rules governing how risks are identified, who is assigned ownership of each risk, how each risk affects the confidentiality, integrity and availability of the information, and the method used to calculate the estimated impact and likelihood of the risk occurring. A formal risk assessment methodology needs to address these four issues and should be approved by top management.
We follow an asset-based risk assessment process. We start by developing a list of information assets, ideally by leveraging an existing asset inventory that includes hard copies of information, electronic files, removable media, mobile devices, and intangibles such as intellectual property.
We then identify the threats and vulnerabilities that apply to each asset. For instance, the threat could be ‘theft of mobile device’ and the vulnerability could be ‘lack of a formal policy for mobile devices’. Each threat-vulnerability pair is assigned impact and likelihood values based on the organisation's risk criteria.
We then weigh each risk against the predetermined levels of acceptable risk, and prioritise which risks need to be addressed and in which order.
There are four suggested ways to treat risks:
Copyright © 2024 Cyber Legacy Defense LLC - All Rights Reserved.