Expert Advice Community

Risk Assessment Question

Guest user Created:   Aug 25, 2022 Last commented:   Aug 25, 2022

Going back through the risk assessment, I had a question! When including the risks, are we supposed to come at it with professional skepticism? For example, we have a system administrator who is a great employee. We would never expect them to do anything malicious. BUT, when looking at the possible threat of "falsification of records", should I still list it as a threat? Even if it is very unlikely, it is something that someone in their position is capable of doing.

Expert
Rhand Leal Aug 25, 2022

You should always approach risk assessment with professional skepticism.

For the impact, you need to take the worst-case scenario, i.e., what is the worst impact that can happen if the risk materializes. For likelihood, you have to assess how strong the current safeguards in place are, and how reliable this person is.

These articles will provide you with further explanation:
