Information Security Risk Assessment

What is an Information Security Risk Assessment?

An Information Security Risk Assessment is an examination of your organisation's operations, processes and assets in order to ultimately identify the risks you are facing in order to take steps to mitigate these risks.

What does an Information Security Risk Assessment involve?

The main steps of an Information Security Risk Assessment are:

Understanding the operations of your business
Identifying your information assets
Identifying the information handling processes in your organisation
Identifying any vulnerabilities in your assets or processes
Identifying threats to your information assets
Identifying and analysing risks faced by your organisation
Recommending measures to reduce the likelihood and/or impact of these risks

What will we get after the Risk Assessment?

Upon completion of the Information Security Risk Assessment, you will get an assessment report that includes:

Identified assets
Identified vulnerabilities
Identified threats
Identified risks
Recommended safeguards

How often should we carry out Information Security Risk Assessments?

An Information Security Risk Assessments should be carried out when a new organisation is started and whenever there is a change in the operating environment, such as when a new system is introduced.

At a minimum, an assessment or audit should be carried out at least annually.

What is an Information Security Risk Assessment?

What does an Information Security Risk Assessment involve?

What will we get after the Risk Assessment?

How often should we carry out Information Security Risk Assessments?

Like this: