Evaluation Of A Risk Assessment

1800 Words | Dec 8, 2015 | 8 Pages
As the risk assessment begins, the assessors must compile information about the specific business procedures. This includes gathering information about the organization's assets and the processes they are used in. This usually includes physical and logical assets like hardware, software, and system interfaces. However, the scope of a risk assessment must include the entire process and all of the points at which it may be disrupted. This extends the characterization to include dates, critical individuals, and the ultimate end goal of the system. The result of this step is an effective understanding of the system's operating boundaries (an accurate understanding of who and what is utilized in the system), the functions of the system, the criticality of components and deadlines, and the sensitivity of the information processed by the system. With this understanding, the assessors are able to identify threats to all of the system's critical assets. It is important that this first step be completed accurately, because the effectiveness of the rest of the risk assessment process depends on it. For example, if an assessor forgot to itemize personnel as a system asset, certain threats may not be discovered and protected against. A piece of machinery may work perfectly well, be well protected, and handle a great workload. However, in the event of a strike, who is going to operate the machine? Clearly, we see the importance of identifying all business-critical assets. 2.