Do you know all of the assets in your environment? Do you know which assets pose an unacceptable risk to the business? Do you know what your business's accepted risk level is? The risk assessment process helps answer these questions.
During a risk assessment, an asset catalogue is created and calculations are performed that assign an overall risk rating to clusters of assets grouped into asset categories. Once these ratings are determined, assets rated higher than the accepted risk level defined by the business are treated in the risk treatment process.
Different risk assessment frameworks exist, such as P.A.S.T.A., OCTAVE, STRIDE, NIST, and ISO 27005. These frameworks define how the risk assessment is performed, so that an established and documented process is followed every year and risk is measured and improved over time.
IT Risk Assessment according to ISO 27005, OCTAVE, HEAVENS, or any other risk assessment methodology used by your business
Development of an IT Risk Assessment and Risk Treatment Policy and Procedure
Asset-based Risk Assessment
Scenario-based Risk Assessment