SlideShare a Scribd company logo

Risk Assessment And Risk Treatment

Ben Omoakin Oguntala, developingafrica(dot)net
Ben Omoakin Oguntala, developingafrica(dot)net

IT Risk assessment and risk treatment tool

TechnologyEconomy & Finance
1 of 14
Download to read offline
www.riesgoriskmanagement.com info@riesgoriskmanagement.com Risk assessment and risk treatment www.riesgoriskmanagement.com Contents Introduction ............................................................................................................................................ 2 Process overview .................................................................................................................................... 2 Risk assessment initiation: project submission & initial survey ............................................................. 3 The project registration form ................................................................................................................. 4 The submitted project registration form ................................................................................................ 5 Project register........................................................................................................................................ 7 The risk assessment ................................................................................................................................ 8 Project risk identification ........................................................................................................................ 9 Information Asset risk assessment ....................................................................................................... 10 Business impact assessment ................................................................................................................. 11 Risk assessment of assets ..................................................................................................................... 12 Risk management dashboards .............................................................................................................. 13 1
www.riesgoriskmanagement.com info@riesgoriskmanagement.com Introduction This document describes how www.riesgoriskmanagement.com ISO27001 compliance tool via its risk management function handles risk assessment and risk treatment. The following assumptions are made: 1. There is an Information security/compliance team in place 2. There are business processes in place with the Project teams and business units to submit projects and business changes as and when they occur. 3. There is a Risk Assurance forum in place to handle risks raised by the organisation on a periodic basis. 4. There is a minimum security policy in place in which all projects, business changes have to adhere to. Process overview The diagram below depicts the process by which projects are submitted and assessed, have their risks mitigated as well as the risk management and assurance. 2
www.riesgoriskmanagement.com info@riesgoriskmanagement.com Risk assessment initiation: project submission & initial survey The initial stage of risk assessment begins with project teams or business units submitting projects or business changes for assessment. For the sake simplicity, we provide a web based forms where project managers, business units can submit their projects or change requests. In order not to overwhelm the system, we have a project survey; this form completed by the project team or business unit and provides all the relevant information about the project. The initial survey is designed with rating system, depending on the selected entities, the project may score low or high. Low projects tend to be projects that either does not impact significant areas i.e. credit cards or confidential data or indicative a project that even though it impacts significant areas has adopted the correct minimum level for compliance. In either case, the project is submitted to the information security team for review. The picture below shows the function the team leader to allocate project to a team of consultants. 3
www.riesgoriskmanagement.com info@riesgoriskmanagement.com The project registration form The form will be made available on your intranet to allow all business units regardless of their geographical location to be able to access the form and complete the project registration. 4
www.riesgoriskmanagement.com info@riesgoriskmanagement.com The submitted project registration form Once completed, the project results are displayed to the project team and an alert is sent to the information security/compliance team with an indication of the result. The Survey score indicates that the project has scored low. The fields can be changed to accommodate the specific requirements of your organisation and the risk ratings can be changed to also reflect to your risk appetite. The risk score can be high, medium or low. All projects submitted can be viewed by the information security/compliance team and they can decide on which of the projects they wish to assess further. Traditionally, only medium and high risk projects are further assessed. If the information security/compliance team have several members that share work, we have the functionality for the team leader role who will deal with allocating projects to teams members. 5
www.riesgoriskmanagement.com info@riesgoriskmanagement.com A project with a high rating 6
www.riesgoriskmanagement.com info@riesgoriskmanagement.com Project register The project register submitted to the information security or compliance team provides the team with details of the project as well as the relevant for billing and time scale. The solution provides the team with the flexibility to provide their services to business units in remote locations and maintain the same level of assurance. Each project will also contain the full documentation set for the project either on teamrooms or as attachment, the documentations can include, PID, BRS, HLD and or LLD. 7
www.riesgoriskmanagement.com info@riesgoriskmanagement.com The risk assessment Once the project has been assigned to a consultant, he or she would be able to pick up the project and review the details as well as carry out the business impact assessment. This BIA framework can incorporate your current risk management templates. The project dashboard reveals to the consultant the project details, the FRS survey carried out and he or she can initiate the Business impact assessment. If the team operates a milestone approval gate system, then the project milestones will also be available to the consultant for approval on due dates. The reports are also available to the project team for review and feedbacks. The diagram below describes how The consultant can add a new BIA as well as add stakeholders 8
www.riesgoriskmanagement.com info@riesgoriskmanagement.com Project risk identification When the Consultant goes through the project documentation and has his or her meetings with them to identify the intentions and proposals from the project, the tool provide the option to register the risks identified in the project. The risk will identify the business impact, likelihood of occurrence as well as residual risks associated with the risk. The risk will be stored on the project risk register and reviewed periodically at each project milestone. The project register will be available to projects and information security/compliance teams to review and mitigate. As each mitigation is addressed and approved, the risk register will be updated to ensure there are no stagnant risks. 9
www.riesgoriskmanagement.com info@riesgoriskmanagement.com Information Asset risk assessment Each information Asset is registered per business unit or organisation. The business unit can upload their assets and either carry out their risk assessment based on Confidentiality, Integrity and availability (CIA) using the standard risk matrix calculates the business impact assessment by defining the business risk, likelihood of occurrence and residual risk. The picture below shows how an information security/compliance team can view all the information assets from each business unit. When each business logs on, they will only be able to see their own assets whilst the information security/compliance can see the entire organisation. If the information asset was completed by the business unit, the information security/compliance team can review the information added and adjust accordingly or produce baseline policies for dealing with specific data for example, fraud, confidential or business sensitive assets. 10
www.riesgoriskmanagement.com info@riesgoriskmanagement.com Business impact assessment The consultants can initiate their Business impact assessment for the project either by uploading their own BIA documents or if teamrooms are used setup a link to the central document repository. Once the BIA is uploaded, 11
www.riesgoriskmanagement.com info@riesgoriskmanagement.com Risk assessment of assets The information asset can be edited to suit its current status. Each Asset is given an Asset ID and detail description provided including, data input and output as well as with whom the information asset is being shared. 12
www.riesgoriskmanagement.com info@riesgoriskmanagement.com Risk management dashboards The tool provides several risk management dashboards depending on the desire of the organisation The project dashboard Asset list 13
www.riesgoriskmanagement.com info@riesgoriskmanagement.com Policy dashboard 14

Recommended

Risk management
Risk managementRisk management
Risk managementJubayer Alam Shoikat
 
The Purpose of Holistic Risk Management
The Purpose of Holistic Risk ManagementThe Purpose of Holistic Risk Management
The Purpose of Holistic Risk ManagementCorporater
 
Infographic - Critical Capabilities of a Good Risk Management Solution
Infographic - Critical Capabilities of a Good Risk Management SolutionInfographic - Critical Capabilities of a Good Risk Management Solution
Infographic - Critical Capabilities of a Good Risk Management SolutionCorporater
 
Risk Overview & Risk management
Risk Overview & Risk managementRisk Overview & Risk management
Risk Overview & Risk managementSubhendu Datta
 
Risk management
Risk managementRisk management
Risk managementbaderali2141
 
The Importance of Risk Management
The Importance of Risk ManagementThe Importance of Risk Management
The Importance of Risk ManagementVigilant Software
 
Risk management: Principles, methodologies and techniques
Risk management: Principles, methodologies and techniquesRisk management: Principles, methodologies and techniques
Risk management: Principles, methodologies and techniquesILRI
 
Risk Identification Process PowerPoint Presentation Slides
Risk Identification Process PowerPoint Presentation SlidesRisk Identification Process PowerPoint Presentation Slides
Risk Identification Process PowerPoint Presentation SlidesSlideTeam
 

Recommended

Risk management
Risk managementRisk management
Risk managementJubayer Alam Shoikat
 
The Purpose of Holistic Risk Management
The Purpose of Holistic Risk ManagementThe Purpose of Holistic Risk Management
The Purpose of Holistic Risk ManagementCorporater
 
Infographic - Critical Capabilities of a Good Risk Management Solution
Infographic - Critical Capabilities of a Good Risk Management SolutionInfographic - Critical Capabilities of a Good Risk Management Solution
Infographic - Critical Capabilities of a Good Risk Management SolutionCorporater
 
Risk Overview & Risk management
Risk Overview & Risk managementRisk Overview & Risk management
Risk Overview & Risk managementSubhendu Datta
 
Risk management
Risk managementRisk management
Risk managementbaderali2141
 
The Importance of Risk Management
The Importance of Risk ManagementThe Importance of Risk Management
The Importance of Risk ManagementVigilant Software
 
Risk management: Principles, methodologies and techniques
Risk management: Principles, methodologies and techniquesRisk management: Principles, methodologies and techniques
Risk management: Principles, methodologies and techniquesILRI
 
Risk Identification Process PowerPoint Presentation Slides
Risk Identification Process PowerPoint Presentation SlidesRisk Identification Process PowerPoint Presentation Slides
Risk Identification Process PowerPoint Presentation SlidesSlideTeam
 
Risk Management Process Steps PowerPoint Presentation Slides
Risk Management Process Steps PowerPoint Presentation Slides Risk Management Process Steps PowerPoint Presentation Slides
Risk Management Process Steps PowerPoint Presentation Slides SlideTeam
 
Risk Assessment vs. Risk Management in Manufacturing
Risk Assessment vs. Risk Management in ManufacturingRisk Assessment vs. Risk Management in Manufacturing
Risk Assessment vs. Risk Management in ManufacturingContentAssets
 
Risk management
Risk managementRisk management
Risk managementRajuPrasad33
 
Project risk management principles
Project risk management principlesProject risk management principles
Project risk management principlesalexgr89
 
Risk Management Software
Risk Management SoftwareRisk Management Software
Risk Management SoftwareCorporater
 
Operational Risk Management and Bpm
Operational Risk Management and BpmOperational Risk Management and Bpm
Operational Risk Management and BpmNathaniel Palmer
 
Risk management
Risk managementRisk management
Risk managementManish Tiwari
 
Data Driven Risk Management
Data Driven Risk ManagementData Driven Risk Management
Data Driven Risk ManagementResolver Inc.
 
Risk management
Risk managementRisk management
Risk managementbadar214118
 
Enterprise risk & risk management - I
Enterprise risk & risk management - IEnterprise risk & risk management - I
Enterprise risk & risk management - IDr. Shiv S Tripathi
 
Risk identification
Risk identificationRisk identification
Risk identificationmurukkada
 
Ballot: Risk Assessments Made Simple
Ballot: Risk Assessments Made SimpleBallot: Risk Assessments Made Simple
Ballot: Risk Assessments Made SimpleResolver Inc.
 
2010; Risk Management Workshop Rev.1.1
2010; Risk Management Workshop Rev.1.12010; Risk Management Workshop Rev.1.1
2010; Risk Management Workshop Rev.1.1Muhammad Ector Prasetyo
 
Enterprise Risk Management
Enterprise Risk ManagementEnterprise Risk Management
Enterprise Risk ManagementResolver Inc.
 
Building an Effective AML Program
Building an Effective AML ProgramBuilding an Effective AML Program
Building an Effective AML ProgramCorporater
 
Risk Management Best Practices
Risk Management Best PracticesRisk Management Best Practices
Risk Management Best PracticesPMILebanonChapter
 
Risk Management
Risk ManagementRisk Management
Risk Managementysshah
 
Improve Your Risk Assessment Process in 4 Steps
Improve Your Risk Assessment Process in 4 StepsImprove Your Risk Assessment Process in 4 Steps
Improve Your Risk Assessment Process in 4 StepsResolver Inc.
 
Risk management process
Risk management processRisk management process
Risk management processeduCBA
 
Strategic Risk Management as a CFO: Getting Risk Management Right
Strategic Risk Management as a CFO: Getting Risk Management RightStrategic Risk Management as a CFO: Getting Risk Management Right
Strategic Risk Management as a CFO: Getting Risk Management RightProformative, Inc.
 
EGK 2011: Construction 03 IRDS
EGK 2011: Construction 03 IRDSEGK 2011: Construction 03 IRDS
EGK 2011: Construction 03 IRDSicebauhaus
 
Qualifying criteria
Qualifying criteriaQualifying criteria
Qualifying criteriaanupamjsp
 

More Related Content

What's hot

Risk Management Process Steps PowerPoint Presentation Slides
Risk Management Process Steps PowerPoint Presentation Slides Risk Management Process Steps PowerPoint Presentation Slides
Risk Management Process Steps PowerPoint Presentation Slides SlideTeam
 
Risk Assessment vs. Risk Management in Manufacturing
Risk Assessment vs. Risk Management in ManufacturingRisk Assessment vs. Risk Management in Manufacturing
Risk Assessment vs. Risk Management in ManufacturingContentAssets
 
Project risk management principles
Project risk management principlesProject risk management principles
Project risk management principlesalexgr89
 
Risk Management Software
Risk Management SoftwareRisk Management Software
Risk Management SoftwareCorporater
 
Operational Risk Management and Bpm
Operational Risk Management and BpmOperational Risk Management and Bpm
Operational Risk Management and BpmNathaniel Palmer
 
Data Driven Risk Management
Data Driven Risk ManagementData Driven Risk Management
Data Driven Risk ManagementResolver Inc.
 
Enterprise risk & risk management - I
Enterprise risk & risk management - IEnterprise risk & risk management - I
Enterprise risk & risk management - IDr. Shiv S Tripathi
 
Risk identification
Risk identificationRisk identification
Risk identificationmurukkada
 
Ballot: Risk Assessments Made Simple
Ballot: Risk Assessments Made SimpleBallot: Risk Assessments Made Simple
Ballot: Risk Assessments Made SimpleResolver Inc.
 
Enterprise Risk Management
Enterprise Risk ManagementEnterprise Risk Management
Enterprise Risk ManagementResolver Inc.
 
Building an Effective AML Program
Building an Effective AML ProgramBuilding an Effective AML Program
Building an Effective AML ProgramCorporater
 
Risk Management Best Practices
Risk Management Best PracticesRisk Management Best Practices
Risk Management Best PracticesPMILebanonChapter
 
Risk Management
Risk ManagementRisk Management
Risk Managementysshah
 
Improve Your Risk Assessment Process in 4 Steps
Improve Your Risk Assessment Process in 4 StepsImprove Your Risk Assessment Process in 4 Steps
Improve Your Risk Assessment Process in 4 StepsResolver Inc.
 
Risk management process
Risk management processRisk management process
Risk management processeduCBA
 
Strategic Risk Management as a CFO: Getting Risk Management Right
Strategic Risk Management as a CFO: Getting Risk Management RightStrategic Risk Management as a CFO: Getting Risk Management Right
Strategic Risk Management as a CFO: Getting Risk Management RightProformative, Inc.
 

What's hot (20)

Risk Management Process Steps PowerPoint Presentation Slides
Risk Management Process Steps PowerPoint Presentation Slides Risk Management Process Steps PowerPoint Presentation Slides
Risk Management Process Steps PowerPoint Presentation Slides
 
Risk Assessment vs. Risk Management in Manufacturing
Risk Assessment vs. Risk Management in ManufacturingRisk Assessment vs. Risk Management in Manufacturing
Risk Assessment vs. Risk Management in Manufacturing
 
Risk management
Risk managementRisk management
Risk management
 
Project risk management principles
Project risk management principlesProject risk management principles
Project risk management principles
 
Risk Management Software
Risk Management SoftwareRisk Management Software
Risk Management Software
 
Operational Risk Management and Bpm
Operational Risk Management and BpmOperational Risk Management and Bpm
Operational Risk Management and Bpm
 
Risk management
Risk managementRisk management
Risk management
 
Data Driven Risk Management
Data Driven Risk ManagementData Driven Risk Management
Data Driven Risk Management
 
Risk management
Risk managementRisk management
Risk management
 
Enterprise risk & risk management - I
Enterprise risk & risk management - IEnterprise risk & risk management - I
Enterprise risk & risk management - I
 
Risk identification
Risk identificationRisk identification
Risk identification
 
Ballot: Risk Assessments Made Simple
Ballot: Risk Assessments Made SimpleBallot: Risk Assessments Made Simple
Ballot: Risk Assessments Made Simple
 
2010; Risk Management Workshop Rev.1.1
2010; Risk Management Workshop Rev.1.12010; Risk Management Workshop Rev.1.1
2010; Risk Management Workshop Rev.1.1
 
Enterprise Risk Management
Enterprise Risk ManagementEnterprise Risk Management
Enterprise Risk Management
 
Building an Effective AML Program
Building an Effective AML ProgramBuilding an Effective AML Program
Building an Effective AML Program
 
Risk Management Best Practices
Risk Management Best PracticesRisk Management Best Practices
Risk Management Best Practices
 
Risk Management
Risk ManagementRisk Management
Risk Management
 
Improve Your Risk Assessment Process in 4 Steps
Improve Your Risk Assessment Process in 4 StepsImprove Your Risk Assessment Process in 4 Steps
Improve Your Risk Assessment Process in 4 Steps
 
Risk management process
Risk management processRisk management process
Risk management process
 
Strategic Risk Management as a CFO: Getting Risk Management Right
Strategic Risk Management as a CFO: Getting Risk Management RightStrategic Risk Management as a CFO: Getting Risk Management Right
Strategic Risk Management as a CFO: Getting Risk Management Right
 

Viewers also liked

EGK 2011: Construction 03 IRDS
EGK 2011: Construction 03 IRDSEGK 2011: Construction 03 IRDS
EGK 2011: Construction 03 IRDSicebauhaus
 
Qualifying criteria
Qualifying criteriaQualifying criteria
Qualifying criteriaanupamjsp
 
Construction and erection risks assessment engineering outlook
Construction and erection risks assessment engineering outlookConstruction and erection risks assessment engineering outlook
Construction and erection risks assessment engineering outlookGeorge Kazantsev
 
2011 Aon Industry Risk Report - Construction
2011 Aon Industry Risk Report - Construction2011 Aon Industry Risk Report - Construction
2011 Aon Industry Risk Report - ConstructionMark Leon
 
Logistic & supply chain management
Logistic & supply chain management Logistic & supply chain management
Logistic & supply chain management Amal selva
 
Understanding_Construction_Risk_Assessment
Understanding_Construction_Risk_AssessmentUnderstanding_Construction_Risk_Assessment
Understanding_Construction_Risk_AssessmentCraig Ihde
 
procurement plan details
procurement plan detailsprocurement plan details
procurement plan detailsManjul Shrestha
 
Project Risk Management (10)
Project Risk Management (10) Project Risk Management (10)
Project Risk Management (10)Serdar Temiz
 
Pmbok 4th edition chapter 5 - Project Scope Management
Pmbok 4th edition chapter 5 - Project Scope Management Pmbok 4th edition chapter 5 - Project Scope Management
Pmbok 4th edition chapter 5 - Project Scope Management Ahmad Maharma, PMP,RMP
 
Project Risk register
Project Risk registerProject Risk register
Project Risk registerKashif Mastan
 
The Basics of Tendering & Bidding
The Basics of Tendering & BiddingThe Basics of Tendering & Bidding
The Basics of Tendering & BiddingMoatasem Mabrouk
 
Project Management Plan Template
Project Management Plan TemplateProject Management Plan Template
Project Management Plan TemplateSimplilearn
 
PROJECT SCHEDULE
PROJECT SCHEDULEPROJECT SCHEDULE
PROJECT SCHEDULEAjeesh Mk
 
Project Scope Management - PMBOK 5th Edition
Project Scope Management - PMBOK 5th EditionProject Scope Management - PMBOK 5th Edition
Project Scope Management - PMBOK 5th Editionpankajsh10
 
Supplier Risk Assessment
Supplier Risk AssessmentSupplier Risk Assessment
Supplier Risk AssessmentGary Bahadur
 

Viewers also liked (20)

EGK 2011: Construction 03 IRDS
EGK 2011: Construction 03 IRDSEGK 2011: Construction 03 IRDS
EGK 2011: Construction 03 IRDS
 
Qualifying criteria
Qualifying criteriaQualifying criteria
Qualifying criteria
 
Construction and erection risks assessment engineering outlook
Construction and erection risks assessment engineering outlookConstruction and erection risks assessment engineering outlook
Construction and erection risks assessment engineering outlook
 
2011 Aon Industry Risk Report - Construction
2011 Aon Industry Risk Report - Construction2011 Aon Industry Risk Report - Construction
2011 Aon Industry Risk Report - Construction
 
Logistic & supply chain management
Logistic & supply chain management Logistic & supply chain management
Logistic & supply chain management
 
Understanding_Construction_Risk_Assessment
Understanding_Construction_Risk_AssessmentUnderstanding_Construction_Risk_Assessment
Understanding_Construction_Risk_Assessment
 
Procurement management
Procurement managementProcurement management
Procurement management
 
procurement plan details
procurement plan detailsprocurement plan details
procurement plan details
 
Project Risk Management (10)
Project Risk Management (10) Project Risk Management (10)
Project Risk Management (10)
 
Pmbok 4th edition chapter 5 - Project Scope Management
Pmbok 4th edition chapter 5 - Project Scope Management Pmbok 4th edition chapter 5 - Project Scope Management
Pmbok 4th edition chapter 5 - Project Scope Management
 
Project Risk register
Project Risk registerProject Risk register
Project Risk register
 
Procurement Plan
Procurement PlanProcurement Plan
Procurement Plan
 
The Basics of Tendering & Bidding
The Basics of Tendering & BiddingThe Basics of Tendering & Bidding
The Basics of Tendering & Bidding
 
Project Management Plan Template
Project Management Plan TemplateProject Management Plan Template
Project Management Plan Template
 
PROJECT SCHEDULE
PROJECT SCHEDULEPROJECT SCHEDULE
PROJECT SCHEDULE
 
Resource allocation
Resource allocationResource allocation
Resource allocation
 
Project Scope Management - PMBOK 5th Edition
Project Scope Management - PMBOK 5th EditionProject Scope Management - PMBOK 5th Edition
Project Scope Management - PMBOK 5th Edition
 
Supplier Risk Assessment
Supplier Risk AssessmentSupplier Risk Assessment
Supplier Risk Assessment
 
Project Scheduling
Project SchedulingProject Scheduling
Project Scheduling
 
Procurement: Strategies | Best Practices
Procurement: Strategies | Best PracticesProcurement: Strategies | Best Practices
Procurement: Strategies | Best Practices
 

Similar to Risk Assessment And Risk Treatment

Sample Risk Assessment Report- QuantumBanking.pdf
Sample Risk Assessment Report- QuantumBanking.pdfSample Risk Assessment Report- QuantumBanking.pdf
Sample Risk Assessment Report- QuantumBanking.pdfSathishKumar960827
 
Sanitised Project Plan for Project Management
Sanitised Project Plan for Project ManagementSanitised Project Plan for Project Management
Sanitised Project Plan for Project ManagementSandy Clements
 
Risk Insight v1.0 User Guide
Risk Insight v1.0 User GuideRisk Insight v1.0 User Guide
Risk Insight v1.0 User GuideProtect724gopi
 
Enterprise 360 degree risk management
Enterprise 360 degree risk managementEnterprise 360 degree risk management
Enterprise 360 degree risk managementInfosys
 
MCGlobalTech Cyber Capability Statement_Final
MCGlobalTech Cyber Capability Statement_FinalMCGlobalTech Cyber Capability Statement_Final
MCGlobalTech Cyber Capability Statement_FinalWilliam McBorrough
 
Web Application Penetration Tests - Reporting
Web Application Penetration Tests - ReportingWeb Application Penetration Tests - Reporting
Web Application Penetration Tests - ReportingNetsparker
 
u10a1-Risk Assessment Report-Beji Jacob
u10a1-Risk Assessment Report-Beji Jacobu10a1-Risk Assessment Report-Beji Jacob
u10a1-Risk Assessment Report-Beji JacobBeji Jacob
 
Project Risk Management Plan © 2015 by Jones & Bartl.docx
Project Risk Management Plan © 2015 by Jones & Bartl.docx Project Risk Management Plan © 2015 by Jones & Bartl.docx
Project Risk Management Plan © 2015 by Jones & Bartl.docxgertrudebellgrove
 
Project Risk Management Plan © 2015 by Jones & Bartl.docx
Project Risk Management Plan © 2015 by Jones & Bartl.docx Project Risk Management Plan © 2015 by Jones & Bartl.docx
Project Risk Management Plan © 2015 by Jones & Bartl.docxaryan532920
 
PROJECT FAST INVENTORY Delivere.docx
PROJECT FAST INVENTORY Delivere.docxPROJECT FAST INVENTORY Delivere.docx
PROJECT FAST INVENTORY Delivere.docxwoodruffeloisa
 
Project Risk Management Plan © 2015 by Jones & Bartl.docx
Project Risk Management Plan © 2015 by Jones & Bartl.docxProject Risk Management Plan © 2015 by Jones & Bartl.docx
Project Risk Management Plan © 2015 by Jones & Bartl.docxAASTHA76
 
Enisa rm deliverable2-final-version-v1.0-2006-03-30
Enisa rm deliverable2-final-version-v1.0-2006-03-30Enisa rm deliverable2-final-version-v1.0-2006-03-30
Enisa rm deliverable2-final-version-v1.0-2006-03-30pladott1
 
Sample audit plan
Sample audit planSample audit plan
Sample audit planMaher Manan
 
TaskYou are required to prepare for this Assessment Item by1..docx
TaskYou are required to prepare for this Assessment Item by1..docxTaskYou are required to prepare for this Assessment Item by1..docx
TaskYou are required to prepare for this Assessment Item by1..docxbradburgess22840
 
TaskYou are required to prepare for this Assessment Item by1..docx
TaskYou are required to prepare for this Assessment Item by1..docxTaskYou are required to prepare for this Assessment Item by1..docx
TaskYou are required to prepare for this Assessment Item by1..docxdeanmtaylor1545
 

Similar to Risk Assessment And Risk Treatment (20)

Iso 27001 Audit Evidence Acquisitionv3
Iso 27001 Audit Evidence Acquisitionv3Iso 27001 Audit Evidence Acquisitionv3
Iso 27001 Audit Evidence Acquisitionv3
 
Sample Risk Assessment Report- QuantumBanking.pdf
Sample Risk Assessment Report- QuantumBanking.pdfSample Risk Assessment Report- QuantumBanking.pdf
Sample Risk Assessment Report- QuantumBanking.pdf
 
Sanitised Project Plan for Project Management
Sanitised Project Plan for Project ManagementSanitised Project Plan for Project Management
Sanitised Project Plan for Project Management
 
Risk Insight v1.0 User Guide
Risk Insight v1.0 User GuideRisk Insight v1.0 User Guide
Risk Insight v1.0 User Guide
 
Enterprise 360 degree risk management
Enterprise 360 degree risk managementEnterprise 360 degree risk management
Enterprise 360 degree risk management
 
Guide to Software Estimation
Guide to Software EstimationGuide to Software Estimation
Guide to Software Estimation
 
MCGlobalTech Cyber Capability Statement_Final
MCGlobalTech Cyber Capability Statement_FinalMCGlobalTech Cyber Capability Statement_Final
MCGlobalTech Cyber Capability Statement_Final
 
Web Application Penetration Tests - Reporting
Web Application Penetration Tests - ReportingWeb Application Penetration Tests - Reporting
Web Application Penetration Tests - Reporting
 
u10a1-Risk Assessment Report-Beji Jacob
u10a1-Risk Assessment Report-Beji Jacobu10a1-Risk Assessment Report-Beji Jacob
u10a1-Risk Assessment Report-Beji Jacob
 
Project Risk Management Plan © 2015 by Jones & Bartl.docx
Project Risk Management Plan © 2015 by Jones & Bartl.docx Project Risk Management Plan © 2015 by Jones & Bartl.docx
Project Risk Management Plan © 2015 by Jones & Bartl.docx
 
Project Risk Management Plan © 2015 by Jones & Bartl.docx
Project Risk Management Plan © 2015 by Jones & Bartl.docx Project Risk Management Plan © 2015 by Jones & Bartl.docx
Project Risk Management Plan © 2015 by Jones & Bartl.docx
 
PROJECT FAST INVENTORY Delivere.docx
PROJECT FAST INVENTORY Delivere.docxPROJECT FAST INVENTORY Delivere.docx
PROJECT FAST INVENTORY Delivere.docx
 
Project Risk Management Plan © 2015 by Jones & Bartl.docx
Project Risk Management Plan © 2015 by Jones & Bartl.docxProject Risk Management Plan © 2015 by Jones & Bartl.docx
Project Risk Management Plan © 2015 by Jones & Bartl.docx
 
Enterprise governance risk_compliance_fcm slides
Enterprise governance risk_compliance_fcm slidesEnterprise governance risk_compliance_fcm slides
Enterprise governance risk_compliance_fcm slides
 
Ffiec cat may_2017
Ffiec cat may_2017Ffiec cat may_2017
Ffiec cat may_2017
 
FACT-Brochure
FACT-BrochureFACT-Brochure
FACT-Brochure
 
Enisa rm deliverable2-final-version-v1.0-2006-03-30
Enisa rm deliverable2-final-version-v1.0-2006-03-30Enisa rm deliverable2-final-version-v1.0-2006-03-30
Enisa rm deliverable2-final-version-v1.0-2006-03-30
 
Sample audit plan
Sample audit planSample audit plan
Sample audit plan
 
TaskYou are required to prepare for this Assessment Item by1..docx
TaskYou are required to prepare for this Assessment Item by1..docxTaskYou are required to prepare for this Assessment Item by1..docx
TaskYou are required to prepare for this Assessment Item by1..docx
 
TaskYou are required to prepare for this Assessment Item by1..docx
TaskYou are required to prepare for this Assessment Item by1..docxTaskYou are required to prepare for this Assessment Item by1..docx
TaskYou are required to prepare for this Assessment Item by1..docx
 

More from Ben Omoakin Oguntala, developingafrica(dot)net

More from Ben Omoakin Oguntala, developingafrica(dot)net (15)

Developing Africa Ode Remo brochure
Developing Africa Ode Remo brochureDeveloping Africa Ode Remo brochure
Developing Africa Ode Remo brochure
 
Developing Africa - Ode Remo
Developing Africa - Ode RemoDeveloping Africa - Ode Remo
Developing Africa - Ode Remo
 
Thisday story with Oguntala
Thisday story with OguntalaThisday story with Oguntala
Thisday story with Oguntala
 
Africa secretariat - The Home of African raw materials
Africa secretariat - The Home of African raw materials Africa secretariat - The Home of African raw materials
Africa secretariat - The Home of African raw materials
 
Data Leakage Prevention
Data Leakage PreventionData Leakage Prevention
Data Leakage Prevention
 
Data Protection Compliance In Economically Depressing Times
Data Protection Compliance In Economically Depressing TimesData Protection Compliance In Economically Depressing Times
Data Protection Compliance In Economically Depressing Times
 
Privacy Impact Assessment Final
Privacy Impact Assessment FinalPrivacy Impact Assessment Final
Privacy Impact Assessment Final
 
Managing Information Asset Register
Managing Information Asset RegisterManaging Information Asset Register
Managing Information Asset Register
 
Fraud Monitoring Solution
Fraud Monitoring SolutionFraud Monitoring Solution
Fraud Monitoring Solution
 
Conformidad De Seguridad De InformacióNv2
Conformidad De Seguridad De InformacióNv2Conformidad De Seguridad De InformacióNv2
Conformidad De Seguridad De InformacióNv2
 
Iso 27001 Audit Evidence Acquisition
Iso 27001 Audit Evidence AcquisitionIso 27001 Audit Evidence Acquisition
Iso 27001 Audit Evidence Acquisition
 
Gprs/3G Troubleshooter
Gprs/3G TroubleshooterGprs/3G Troubleshooter
Gprs/3G Troubleshooter
 
Pci V2
Pci V2Pci V2
Pci V2
 
FoI
FoIFoI
FoI
 
Dpa V3
Dpa V3Dpa V3
Dpa V3
 

Recently uploaded

The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality AssuranceInflectra
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 

Recently uploaded (20)

The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance[Webinar] SpiraTest - Setting New Standards in Quality Assurance
[Webinar] SpiraTest - Setting New Standards in Quality Assurance
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 

Risk Assessment And Risk Treatment

  • 1. www.riesgoriskmanagement.com info@riesgoriskmanagement.com Risk assessment and risk treatment www.riesgoriskmanagement.com Contents Introduction ............................................................................................................................................ 2 Process overview .................................................................................................................................... 2 Risk assessment initiation: project submission & initial survey ............................................................. 3 The project registration form ................................................................................................................. 4 The submitted project registration form ................................................................................................ 5 Project register........................................................................................................................................ 7 The risk assessment ................................................................................................................................ 8 Project risk identification ........................................................................................................................ 9 Information Asset risk assessment ....................................................................................................... 10 Business impact assessment ................................................................................................................. 11 Risk assessment of assets ..................................................................................................................... 12 Risk management dashboards .............................................................................................................. 13 1
  • 2. www.riesgoriskmanagement.com info@riesgoriskmanagement.com Introduction This document describes how www.riesgoriskmanagement.com ISO27001 compliance tool via its risk management function handles risk assessment and risk treatment. The following assumptions are made: 1. There is an Information security/compliance team in place 2. There are business processes in place with the Project teams and business units to submit projects and business changes as and when they occur. 3. There is a Risk Assurance forum in place to handle risks raised by the organisation on a periodic basis. 4. There is a minimum security policy in place in which all projects, business changes have to adhere to. Process overview The diagram below depicts the process by which projects are submitted and assessed, have their risks mitigated as well as the risk management and assurance. 2
  • 3. www.riesgoriskmanagement.com info@riesgoriskmanagement.com Risk assessment initiation: project submission & initial survey The initial stage of risk assessment begins with project teams or business units submitting projects or business changes for assessment. For the sake simplicity, we provide a web based forms where project managers, business units can submit their projects or change requests. In order not to overwhelm the system, we have a project survey; this form completed by the project team or business unit and provides all the relevant information about the project. The initial survey is designed with rating system, depending on the selected entities, the project may score low or high. Low projects tend to be projects that either does not impact significant areas i.e. credit cards or confidential data or indicative a project that even though it impacts significant areas has adopted the correct minimum level for compliance. In either case, the project is submitted to the information security team for review. The picture below shows the function the team leader to allocate project to a team of consultants. 3
  • 4. www.riesgoriskmanagement.com info@riesgoriskmanagement.com The project registration form The form will be made available on your intranet to allow all business units regardless of their geographical location to be able to access the form and complete the project registration. 4
  • 5. www.riesgoriskmanagement.com info@riesgoriskmanagement.com The submitted project registration form Once completed, the project results are displayed to the project team and an alert is sent to the information security/compliance team with an indication of the result. The Survey score indicates that the project has scored low. The fields can be changed to accommodate the specific requirements of your organisation and the risk ratings can be changed to also reflect to your risk appetite. The risk score can be high, medium or low. All projects submitted can be viewed by the information security/compliance team and they can decide on which of the projects they wish to assess further. Traditionally, only medium and high risk projects are further assessed. If the information security/compliance team have several members that share work, we have the functionality for the team leader role who will deal with allocating projects to teams members. 5
  • 7. www.riesgoriskmanagement.com info@riesgoriskmanagement.com Project register The project register submitted to the information security or compliance team provides the team with details of the project as well as the relevant for billing and time scale. The solution provides the team with the flexibility to provide their services to business units in remote locations and maintain the same level of assurance. Each project will also contain the full documentation set for the project either on teamrooms or as attachment, the documentations can include, PID, BRS, HLD and or LLD. 7
  • 8. www.riesgoriskmanagement.com info@riesgoriskmanagement.com The risk assessment Once the project has been assigned to a consultant, he or she would be able to pick up the project and review the details as well as carry out the business impact assessment. This BIA framework can incorporate your current risk management templates. The project dashboard reveals to the consultant the project details, the FRS survey carried out and he or she can initiate the Business impact assessment. If the team operates a milestone approval gate system, then the project milestones will also be available to the consultant for approval on due dates. The reports are also available to the project team for review and feedbacks. The diagram below describes how The consultant can add a new BIA as well as add stakeholders 8
  • 9. www.riesgoriskmanagement.com info@riesgoriskmanagement.com Project risk identification When the Consultant goes through the project documentation and has his or her meetings with them to identify the intentions and proposals from the project, the tool provide the option to register the risks identified in the project. The risk will identify the business impact, likelihood of occurrence as well as residual risks associated with the risk. The risk will be stored on the project risk register and reviewed periodically at each project milestone. The project register will be available to projects and information security/compliance teams to review and mitigate. As each mitigation is addressed and approved, the risk register will be updated to ensure there are no stagnant risks. 9
  • 10. www.riesgoriskmanagement.com info@riesgoriskmanagement.com Information Asset risk assessment Each information Asset is registered per business unit or organisation. The business unit can upload their assets and either carry out their risk assessment based on Confidentiality, Integrity and availability (CIA) using the standard risk matrix calculates the business impact assessment by defining the business risk, likelihood of occurrence and residual risk. The picture below shows how an information security/compliance team can view all the information assets from each business unit. When each business logs on, they will only be able to see their own assets whilst the information security/compliance can see the entire organisation. If the information asset was completed by the business unit, the information security/compliance team can review the information added and adjust accordingly or produce baseline policies for dealing with specific data for example, fraud, confidential or business sensitive assets. 10
  • 11. www.riesgoriskmanagement.com info@riesgoriskmanagement.com Business impact assessment The consultants can initiate their Business impact assessment for the project either by uploading their own BIA documents or if teamrooms are used setup a link to the central document repository. Once the BIA is uploaded, 11
  • 12. www.riesgoriskmanagement.com info@riesgoriskmanagement.com Risk assessment of assets The information asset can be edited to suit its current status. Each Asset is given an Asset ID and detail description provided including, data input and output as well as with whom the information asset is being shared. 12
  • 13. www.riesgoriskmanagement.com info@riesgoriskmanagement.com Risk management dashboards The tool provides several risk management dashboards depending on the desire of the organisation The project dashboard Asset list 13