Risk Assessment Consists Of Detecting And Calculating Security Risks

754 Words Jan 28th, 2016 4 Pages
Risk assessment consists of detecting and calculating security risks, addressing these concerns before they develop, and advising management of such risks (Wisegate, Inc., 2015). A risk assessment plan helps determine not “if” but how vulnerable our system is. Knowledge of weak protocols, untrained employees, and insecure connections is essential to the health of our organization.
The first step in a risk assessment plan is to understand our operating environment. The next step is to obtain up-to-date information on possible vulnerabilities within our network. By ascertaining where any vulnerabilities lie, we can put mitigation protocols in place to correct or resolve such issues. The following is the basic scope of a Risk Assessment Plan:
• Lists of vulnerabilities and threats
• Responsibilities
• Security
• Recommendations for mitigation
• CBA (Cost-Benefit Analysis)
• Documentation
Once the plan is under way, management, along with the IT team, will identify all threats and hazards to the network, ascertain the possible impact on the company, classify threats and vulnerabilities, and create strategies to mitigate them. There are typically eight steps in conducting a proper risk assessment.
• Identify and map business practices
• Determine what could go wrong
• Determine likelihood and impact
Tisha Wingate
IS3110 Risk Management
Project Revisions
• Evaluate controls in place
• Are existing controls appropriate?
• Are controls operating effectively?
• Management alignment and…