What is a risk assessment or Cyber Security risk assessment?
Risk Assessment is a systematic approach that helps us
manage, understand, control, evaluate and mitigate the risk to
our organization's business. Risk Assessment is part of the strategy of a Risk Management
Program.
It lets us see how risks and vulnerabilities
change over time and how we can put safeguards/controls in place to respond to them
effectively.
Risk Assessment can be based on many factors. We can assess
risk in two ways:
1. Qualitative Assessment (where we define risk in terms of a
rating: low, medium, high, or critical).
2. Quantitative Assessment (where we define risk in monetary
values or on a numerical scale, e.g. 1-10).
To assess risks, we need to identify them first.
Risk Identification = Asset x Threat x Vulnerability.
We then also need to perform risk analysis (this helps
us prioritize the identified risks).
We need to define a risk owner (who will create the
remediation/action plan to work on the identified risk and mitigate it within a time
period).
Risk = Impact x Likelihood
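The steps above (identify each risk as asset/threat/vulnerability, score it as Impact x Likelihood, map the quantitative score to a qualitative rating, prioritize, and assign an owner) worked through as a small risk register. This is an added example, not code from the original post; the 1-10 scales, the rating thresholds and the register entries are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Qualitative bands for a quantitative Impact x Likelihood score (1-100).
# These thresholds are an assumption for the example, not from the post.
BANDS = [(1, 10, "low"), (11, 30, "medium"), (31, 60, "high"), (61, 100, "critical")]


@dataclass
class Risk:
    asset: str            # Risk Identification = Asset x Threat x Vulnerability
    threat: str
    vulnerability: str
    impact: int           # quantitative, 1-10
    likelihood: int       # quantitative, 1-10
    owner: str            # risk owner responsible for the remediation plan

    def score(self) -> int:
        """Quantitative assessment: Risk = Impact x Likelihood."""
        for value in (self.impact, self.likelihood):
            if not 1 <= value <= 10:
                raise ValueError("impact and likelihood must be on a 1-10 scale")
        return self.impact * self.likelihood

    def rating(self) -> str:
        """Qualitative assessment derived from the quantitative score."""
        s = self.score()
        for low, high, label in BANDS:
            if low <= s <= high:
                return label
        raise AssertionError("score outside all bands")  # unreachable for valid input


def prioritize(register):
    """Risk analysis step: order the register highest score first."""
    return sorted(register, key=lambda r: r.score(), reverse=True)


# Constructed sample register; the values are illustrative only.
REGISTER = [
    Risk("customer DB", "SQL injection", "unparameterised queries", 9, 7, "app team"),
    Risk("laptops", "theft", "no full-disk encryption", 6, 4, "IT ops"),
    Risk("public website", "defacement", "outdated CMS plugin", 4, 8, "web team"),
    Risk("build server", "credential theft", "shared admin password", 8, 9, "platform team"),
]

if __name__ == "__main__":
    for r in prioritize(REGISTER):
        print(f"{r.score():3d} {r.rating():8s} {r.asset:15s} owner={r.owner}")
```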