Expert Advice Community

Risk assessment

Guest user. Created: Nov 29, 2018. Last commented: Nov 29, 2018.

I have a question regarding the risk assessment process. Once I have listed all my assets, I want to list all threats related to them. But what if there is no risk (or it is solved already)? E.g., for servers, a threat would be data loss (system failure or even a person's mistake), but if there is a backup plan in place, there is actually no risk anymore. So how should you score these kinds of risks? I want to make sure I have listed all the threats to have a complete list.

Expert
Rhand Leal Nov 29, 2018

Answer:

If you have risks already treated, you must include them in your risk assessment table, so you can monitor them in the future. As for how you should score these kinds of risks, the values of consequence and likelihood must consider the current values under the implemented controls (for risks where there are already existing controls, the likelihood and/or impact will be lower), and you should describe the controls applied in the last column of your risk assessment table.

By the way, included in your toolkit you have access to video tutorials that can help you fill in the risk assessment table, with real data as examples.
