Security Risk Assessment Considerations

The security risk assessment should consider:

  • The different categories of risk, such as:
    • Business continuity
    • Security
    • Technology use and changes
    • Regulations
    • Personnel - accidents, theft, etc.
    • Trading partner
    • Legal
    • Environmental
  • How to assess the risk (methodology).
  • Who owns each risk.
  • Who is accountable for each risk.
  • Which risks are acceptable, and how the level of acceptable risk is defined and communicated.
  • Analysis of the risk cause and impact.
  • Creation of an action plan for when risks materialize.
  • Re-assessment of risk over time or as the situation changes.

Risk Assessment Procedure Definitions

Risk assessment procedures should define:

  1. Who is responsible for risk assessments.
  2. Steps for a risk assessment.
  3. Participants in the risk assessment.
  4. Required approvals.
  5. How assessments are documented and how that documentation is maintained.
  6. Who risk assessment reports are provided to.