Security Risk Assessment Considerations
The security risk assessment should consider:
- The different risks such as:
  - Business continuity
  - Technology use and changes
  - Personnel - accidents, theft, etc.
  - Trading partner
- How to assess the risk (methodology).
- Who the holders of the risk are.
- Who is accountable.
- Risks that are acceptable, defined and communicated.
- Analysis of the risk cause and impact.
- Creation of an action plan for when risks materialize.
- Re-assessment of risk over time or as the situation changes.
Risk Assessment Procedure Definitions
Risk assessment procedures should define:
- Who is responsible for risk assessments.
- Steps for a risk assessment.
- Participants in the risk assessment.
- Required approvals.
- How assessments are documented and how the documentation is maintained.
- Who risk assessment reports are provided to.