Identification and Assessment of Risk in Risk Management

1331 Words Feb 2nd, 2018 5 Pages
This process includes both the identification and assessment of risk through risk analysis and the initiation and monitoring of appropriate practices, in response to that analysis, through the agency's risk management program. Risk assessment is a critical component of that process to ensure state agencies have an effective risk management plan in place. Risk Management and Risk Assessment are major components of Information Security Management. Risk Assessment is part of the Risk Management process. After initialization, Risk Management is a recurrent activity that deals with the analysis, planning, implementation, control and monitoring of implemented measurements and the enforced security policy. By contrast, Risk Assessment is executed at discrete time points (e.g. once a year, on demand, etc.) and, until the performance of the next assessment, provides a temporary view of assessed risks while parameterizing the entire Risk Management process.
Financial institutions in particular must maintain an ongoing information security risk assessment program that effectively gathers data regarding the information and technology assets of the organization, threats to those assets, vulnerabilities, existing security controls and processes, and the current security standards and requirements, analyses the probability and impact associated with the known threats and…