Nemesys Computer Consultants Specialists in Information System Security, Cambridge UK

 

 
 

Information Security Risk Analysis

Computer Security Risk Analysis

What Is Information Security Risk Analysis?

Information Security Risk Analysis (or Computer Security Risk Analysis) is the process of identifying the extent to which an organisation is at risk from breaches of computer security.

The basic process of information security risk analysis is:

  1. Identify the information security threats facing an organisation;
  2. Assess the probability that these threats will affect the organisation;
  3. Estimate the financial and other damage that could be caused to the organisation (the business impact);
  4. Evaluate the effectiveness of the information security controls protecting the organisation against the identified threats;
  5. Using all of this information, assess the overall level of risk.

Formal Security Risk Analysis vs Informal Security Risk Analysis

A formal information security risk analysis process is one in which complex mathematical formulae are used to calculate probabilistic figures for annualised loss expectancies. Informal risk analysis is a rather simpler process whereby an experienced consultant, examining the information listed above, makes a judgement as to whether controls are, in fact, adequate.

Both methods have their advantages and disadvantages, and it is important to ensure that the method used is right for the organisation in question.
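
The five steps above carried through as a small formal analysis (an added example, not Nemesys's own method or tooling). It assumes a common simplified model: residual incident rate = annual rate x (1 - control effectiveness), a fixed loss per incident, and Poisson-distributed incident counts; the register values and all names are constructed for illustration.

```python
import math
import random
from dataclasses import dataclass

@dataclass
class Threat:
    name: str       # step 1: identified threat
    aro: float      # step 2: expected occurrences per year
    sle: float      # step 3: loss per occurrence (business impact), GBP
    control: float  # step 4: fraction of incidents the controls stop (0..1)

    @property
    def residual_rate(self) -> float:
        return self.aro * (1.0 - self.control)

    @property
    def ale(self) -> float:
        # Annualised loss expectancy after controls (assumed model)
        return self.residual_rate * self.sle

def poisson(rng: random.Random, lam: float) -> int:
    # Knuth's method: number of incidents in one simulated year
    limit, k, p = math.exp(-lam), 0, rng.random()
    while p > limit:
        k += 1
        p *= rng.random()
    return k

def assess(threats, years=20000, seed=1):
    # Step 5: overall risk as a mean (ALE) and as a bad-year figure (p99)
    rng = random.Random(seed)
    totals = sorted(
        sum(poisson(rng, t.residual_rate) * t.sle for t in threats)
        for _ in range(years)
    )
    ranked = sorted(threats, key=lambda t: t.ale, reverse=True)
    return {
        "ale": sum(t.ale for t in threats),
        "simulated_mean": sum(totals) / years,
        "p99": totals[years * 99 // 100],
        "ranked": [t.name for t in ranked],
    }

# Constructed sample register, not real data
REGISTER = [
    Threat("laptop theft", aro=2.0, sle=3_000, control=0.5),
    Threat("ransomware outbreak", aro=0.2, sle=250_000, control=0.8),
    Threat("web site defacement", aro=0.5, sle=10_000, control=0.6),
]

if __name__ == "__main__":
    print(assess(REGISTER))
```

The ALE is only an average: in this register the rare, high-impact threat dominates the 1-in-100-year loss, which a single annualised figure hides.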

Our Information Security Risk Analysis Services

We can use a variety of information security risk analysis techniques to give an in-depth picture of the risks that your business faces.

For more information on our risk analysis services -

Contact Us!



Copyright © 1995-2011, Nemesys Computer Consultants, Cambridge, Cambridgeshire, UK