What is Information Risk Assessment?
Information risk assessment (a.k.a. security risk assessment) is the process of identifying, estimating, and prioritizing information security risks. The assessment provides a holistic view of the asset portfolio, allowing managers to make informed decisions on resource allocation, tooling, and security control implementation.
Approach & Methodology
The Risk Assessment process will be based on international information security and risk management best practices. Defining the risk likelihood, risk impact, and risk categorization will follow the guidance of:
Security controls proposed as the response plan for a particular risk will be selected with reference to NIST 800-53r4, Security and Privacy Controls for Federal Information Systems and Organizations.