Your Next Steps in Risk Assessment
This risk assessment step involves developing a clear understanding of the assets that require protection and their importance to your organisation. To facilitate this process, you can create an asset register that encompasses critical equipment, systems, services, software, information, and processes necessary for achieving your business objectives. It is crucial to identify and document ownership of each asset or group of assets in your organisation. Asset owners play a significant role in comprehending the risks associated with their assets, taking responsibility for their management, and ensuring proper utilisation and risk mitigation.
After compiling a comprehensive list of assets, it is important to assess the potential impact if these assets are compromised. Compromise can take various forms, such as unauthorised access, alteration or loss of information, interference with system functionality, or complete unavailability due to failures or cyber-attacks. Express the impact of asset compromise in ways that are meaningful to your organisation, considering the significance of these assets within the context of your overall business assets. Developing a risk register is recommended so that you can document assets, determine ownership, and evaluate their value to your business.
Risk assessment by asset
An asset register and risk analysis could take the following form:
Asset | Description | RAG* Risk Rating |
Staff Information | Sensitive personal data | High – A breach can lead to fines, loss of trust and/or loss of reputation |
*RAG – Red Amber Green or High Medium Low risk
A High impact may signify a complete loss of ability to meet organisational objectives, whereas a Low impact could indicate a minor disruption or inconvenience.
Using risk assessment to assign priorities
By understanding your assets and evaluating the potential impact if they are compromised, you can prioritise the implementation of protective measures and risk mitigation strategies.
The next article goes into more detail on evaluating risks for the table.
Diana Catton MBA
Diana is a guest contributor to CyberAwake whilst Clive is on a Cyber Security and IT Audit.