Risk Assessment Tools

Some security risk assessment tools and methods that organizations may use to help assess and illustrate risks are shown in the list below.

  • Tables to illustrate the combined effects of probabilities with impacts.
  • Questionaires to ask business and technical staff about processes, operations, and possible threats.
  • Checklists to verify compliance with policies and standards.
  • Analysis and brainstorming about "what if" scenarios by business and technical staff. Include equipment failures, environmental problems, human errors, and other scenarios.
  • Standard report formats.
  • Software to help automate the process.
  • Lists of threats and controls.