Elements for Risk Assessment Success
The following elements are required for risk assessment success:
- Upper management support.
- Define procedures - Have defined and documented procedures for conducting risk assessments.
- Designate a focal point - A specific corporate-level individual or committee guides the risk assessment process and facilitates planning, performance and reporting. The facilitator must be a risk assessment expert. Facilitators may train others and provide information about the risk assessment process.
- Business and technical experts must be involved - Business experts know how critical the applications are, and the technical experts understand the threats and ways to mitigate them.
- Conduct assessments based on a segment of the business rather than doing an assessment of the entire business. This keeps the risk assessment task manageable. Some parts of the business may use different systems.
- Business units determine when a security assessment is needed. Upper management must keep the business units responsible by requiring a set schedule for assessments.
- Document results to serve as starting points for subsequent assessments and determine whether management decisions are correct.