Elements for Risk Assessment Success

The following elements are required for risk assessment success:

  • Upper management support.
  • Define procedures - Have defined and documented procedures for conducting risk assessments.
  • Designate a focal point - A specific corporate-level individual or committee guides the risk assessment process and facilitates planning, performance and reporting. The facilitator must be a risk assessment expert. Facilitators may train others and provide information about the risk assessment process.
  • Business and technical experts must be involved - Business experts know how critical the applications are, and the technical experts understand the threats and ways to mitigate them.
  • Conduct assessments based on a segment of the business rather than doing an assessment of the entire business. This keeps the risk assessment task manageable. Some parts of the business may use different systems.
  • Business units determine when a security assessment is needed. Upper management must keep the business units responsible by requiring a set schedule for assessments.
  • Document results to serve as starting points for subsequent assessments and determine whether management decisions are correct.