SlideShare une entreprise Scribd logo

Risk Assessment And Risk Treatment

Ben Omoakin Oguntala, developingafrica(dot)net
Ben Omoakin Oguntala, developingafrica(dot)net

IT Risk assessment and risk treatment tool

TechnologieÉconomie & finance
1  sur  14
Télécharger pour lire hors ligne
www.riesgoriskmanagement.com info@riesgoriskmanagement.com Risk assessment and risk treatment www.riesgoriskmanagement.com Contents Introduction ............................................................................................................................................ 2 Process overview .................................................................................................................................... 2 Risk assessment initiation: project submission & initial survey ............................................................. 3 The project registration form ................................................................................................................. 4 The submitted project registration form ................................................................................................ 5 Project register........................................................................................................................................ 7 The risk assessment ................................................................................................................................ 8 Project risk identification ........................................................................................................................ 9 Information Asset risk assessment ....................................................................................................... 10 Business impact assessment ................................................................................................................. 11 Risk assessment of assets ..................................................................................................................... 12 Risk management dashboards .............................................................................................................. 13 1
www.riesgoriskmanagement.com info@riesgoriskmanagement.com Introduction This document describes how www.riesgoriskmanagement.com ISO27001 compliance tool via its risk management function handles risk assessment and risk treatment. The following assumptions are made: 1. There is an Information security/compliance team in place 2. There are business processes in place with the Project teams and business units to submit projects and business changes as and when they occur. 3. There is a Risk Assurance forum in place to handle risks raised by the organisation on a periodic basis. 4. There is a minimum security policy in place in which all projects, business changes have to adhere to. Process overview The diagram below depicts the process by which projects are submitted and assessed, have their risks mitigated as well as the risk management and assurance. 2
www.riesgoriskmanagement.com info@riesgoriskmanagement.com Risk assessment initiation: project submission & initial survey The initial stage of risk assessment begins with project teams or business units submitting projects or business changes for assessment. For the sake simplicity, we provide a web based forms where project managers, business units can submit their projects or change requests. In order not to overwhelm the system, we have a project survey; this form completed by the project team or business unit and provides all the relevant information about the project. The initial survey is designed with rating system, depending on the selected entities, the project may score low or high. Low projects tend to be projects that either does not impact significant areas i.e. credit cards or confidential data or indicative a project that even though it impacts significant areas has adopted the correct minimum level for compliance. In either case, the project is submitted to the information security team for review. The picture below shows the function the team leader to allocate project to a team of consultants. 3
www.riesgoriskmanagement.com info@riesgoriskmanagement.com The project registration form The form will be made available on your intranet to allow all business units regardless of their geographical location to be able to access the form and complete the project registration. 4
www.riesgoriskmanagement.com info@riesgoriskmanagement.com The submitted project registration form Once completed, the project results are displayed to the project team and an alert is sent to the information security/compliance team with an indication of the result. The Survey score indicates that the project has scored low. The fields can be changed to accommodate the specific requirements of your organisation and the risk ratings can be changed to also reflect to your risk appetite. The risk score can be high, medium or low. All projects submitted can be viewed by the information security/compliance team and they can decide on which of the projects they wish to assess further. Traditionally, only medium and high risk projects are further assessed. If the information security/compliance team have several members that share work, we have the functionality for the team leader role who will deal with allocating projects to teams members. 5
www.riesgoriskmanagement.com info@riesgoriskmanagement.com A project with a high rating 6
www.riesgoriskmanagement.com info@riesgoriskmanagement.com Project register The project register submitted to the information security or compliance team provides the team with details of the project as well as the relevant for billing and time scale. The solution provides the team with the flexibility to provide their services to business units in remote locations and maintain the same level of assurance. Each project will also contain the full documentation set for the project either on teamrooms or as attachment, the documentations can include, PID, BRS, HLD and or LLD. 7
www.riesgoriskmanagement.com info@riesgoriskmanagement.com The risk assessment Once the project has been assigned to a consultant, he or she would be able to pick up the project and review the details as well as carry out the business impact assessment. This BIA framework can incorporate your current risk management templates. The project dashboard reveals to the consultant the project details, the FRS survey carried out and he or she can initiate the Business impact assessment. If the team operates a milestone approval gate system, then the project milestones will also be available to the consultant for approval on due dates. The reports are also available to the project team for review and feedbacks. The diagram below describes how The consultant can add a new BIA as well as add stakeholders 8
www.riesgoriskmanagement.com info@riesgoriskmanagement.com Project risk identification When the Consultant goes through the project documentation and has his or her meetings with them to identify the intentions and proposals from the project, the tool provide the option to register the risks identified in the project. The risk will identify the business impact, likelihood of occurrence as well as residual risks associated with the risk. The risk will be stored on the project risk register and reviewed periodically at each project milestone. The project register will be available to projects and information security/compliance teams to review and mitigate. As each mitigation is addressed and approved, the risk register will be updated to ensure there are no stagnant risks. 9
www.riesgoriskmanagement.com info@riesgoriskmanagement.com Information Asset risk assessment Each information Asset is registered per business unit or organisation. The business unit can upload their assets and either carry out their risk assessment based on Confidentiality, Integrity and availability (CIA) using the standard risk matrix calculates the business impact assessment by defining the business risk, likelihood of occurrence and residual risk. The picture below shows how an information security/compliance team can view all the information assets from each business unit. When each business logs on, they will only be able to see their own assets whilst the information security/compliance can see the entire organisation. If the information asset was completed by the business unit, the information security/compliance team can review the information added and adjust accordingly or produce baseline policies for dealing with specific data for example, fraud, confidential or business sensitive assets. 10
www.riesgoriskmanagement.com info@riesgoriskmanagement.com Business impact assessment The consultants can initiate their Business impact assessment for the project either by uploading their own BIA documents or if teamrooms are used setup a link to the central document repository. Once the BIA is uploaded, 11
www.riesgoriskmanagement.com info@riesgoriskmanagement.com Risk assessment of assets The information asset can be edited to suit its current status. Each Asset is given an Asset ID and detail description provided including, data input and output as well as with whom the information asset is being shared. 12
www.riesgoriskmanagement.com info@riesgoriskmanagement.com Risk management dashboards The tool provides several risk management dashboards depending on the desire of the organisation The project dashboard Asset list 13
www.riesgoriskmanagement.com info@riesgoriskmanagement.com Policy dashboard 14

Recommandé

Risk management
Risk managementRisk management
Risk management
Jubayer Alam Shoikat
 
The Purpose of Holistic Risk Management
The Purpose of Holistic Risk ManagementThe Purpose of Holistic Risk Management
The Purpose of Holistic Risk Management
Corporater
 
Infographic - Critical Capabilities of a Good Risk Management Solution
Infographic - Critical Capabilities of a Good Risk Management SolutionInfographic - Critical Capabilities of a Good Risk Management Solution
Infographic - Critical Capabilities of a Good Risk Management Solution
Corporater
 
Risk Overview & Risk management
Risk Overview & Risk managementRisk Overview & Risk management
Risk Overview & Risk management
Subhendu Datta
 
Risk management
Risk managementRisk management
Risk management
baderali2141
 
The Importance of Risk Management
The Importance of Risk ManagementThe Importance of Risk Management
The Importance of Risk Management
Vigilant Software
 
Risk management: Principles, methodologies and techniques
Risk management: Principles, methodologies and techniquesRisk management: Principles, methodologies and techniques
Risk management: Principles, methodologies and techniques
ILRI
 
Risk Identification Process PowerPoint Presentation Slides
Risk Identification Process PowerPoint Presentation SlidesRisk Identification Process PowerPoint Presentation Slides
Risk Identification Process PowerPoint Presentation Slides
SlideTeam
 

Recommandé

Risk management
Risk managementRisk management
Risk management
Jubayer Alam Shoikat
 
The Purpose of Holistic Risk Management
The Purpose of Holistic Risk ManagementThe Purpose of Holistic Risk Management
The Purpose of Holistic Risk Management
Corporater
 
Infographic - Critical Capabilities of a Good Risk Management Solution
Infographic - Critical Capabilities of a Good Risk Management SolutionInfographic - Critical Capabilities of a Good Risk Management Solution
Infographic - Critical Capabilities of a Good Risk Management Solution
Corporater
 
Risk Overview & Risk management
Risk Overview & Risk managementRisk Overview & Risk management
Risk Overview & Risk management
Subhendu Datta
 
Risk management
Risk managementRisk management
Risk management
baderali2141
 
The Importance of Risk Management
The Importance of Risk ManagementThe Importance of Risk Management
The Importance of Risk Management
Vigilant Software
 
Risk management: Principles, methodologies and techniques
Risk management: Principles, methodologies and techniquesRisk management: Principles, methodologies and techniques
Risk management: Principles, methodologies and techniques
ILRI
 
Risk Identification Process PowerPoint Presentation Slides
Risk Identification Process PowerPoint Presentation SlidesRisk Identification Process PowerPoint Presentation Slides
Risk Identification Process PowerPoint Presentation Slides
SlideTeam
 
Risk Management Process Steps PowerPoint Presentation Slides
Risk Management Process Steps PowerPoint Presentation Slides Risk Management Process Steps PowerPoint Presentation Slides
Risk Management Process Steps PowerPoint Presentation Slides
SlideTeam
 
Risk Assessment vs. Risk Management in Manufacturing
Risk Assessment vs. Risk Management in ManufacturingRisk Assessment vs. Risk Management in Manufacturing
Risk Assessment vs. Risk Management in Manufacturing
ContentAssets
 
Risk management
Risk managementRisk management
Risk management
RajuPrasad33
 
Project risk management principles
Project risk management principlesProject risk management principles
Project risk management principles
alexgr89
 
Risk Management Software
Risk Management SoftwareRisk Management Software
Risk Management Software
Corporater
 
Operational Risk Management and Bpm
Operational Risk Management and BpmOperational Risk Management and Bpm
Operational Risk Management and Bpm
Nathaniel Palmer
 
Risk management
Risk managementRisk management
Risk management
Manish Tiwari
 
Data Driven Risk Management
Data Driven Risk ManagementData Driven Risk Management
Data Driven Risk Management
Resolver Inc.
 
Risk management
Risk managementRisk management
Risk management
badar214118
 
Enterprise risk & risk management - I
Enterprise risk & risk management - IEnterprise risk & risk management - I
Enterprise risk & risk management - I
Dr. Shiv S Tripathi
 
Risk identification
Risk identificationRisk identification
Risk identification
murukkada
 
Ballot: Risk Assessments Made Simple
Ballot: Risk Assessments Made SimpleBallot: Risk Assessments Made Simple
Ballot: Risk Assessments Made Simple
Resolver Inc.
 
2010; Risk Management Workshop Rev.1.1
2010; Risk Management Workshop Rev.1.12010; Risk Management Workshop Rev.1.1
2010; Risk Management Workshop Rev.1.1
Muhammad Ector Prasetyo
 
Enterprise Risk Management
Enterprise Risk ManagementEnterprise Risk Management
Enterprise Risk Management
Resolver Inc.
 
Building an Effective AML Program
Building an Effective AML ProgramBuilding an Effective AML Program
Building an Effective AML Program
Corporater
 
Risk Management Best Practices
Risk Management Best PracticesRisk Management Best Practices
Risk Management Best Practices
PMILebanonChapter
 
Risk Management
Risk ManagementRisk Management
Risk Management
ysshah
 
Improve Your Risk Assessment Process in 4 Steps
Improve Your Risk Assessment Process in 4 StepsImprove Your Risk Assessment Process in 4 Steps
Improve Your Risk Assessment Process in 4 Steps
Resolver Inc.
 
Risk management process
Risk management processRisk management process
Risk management process
eduCBA
 
Strategic Risk Management as a CFO: Getting Risk Management Right
Strategic Risk Management as a CFO: Getting Risk Management RightStrategic Risk Management as a CFO: Getting Risk Management Right
Strategic Risk Management as a CFO: Getting Risk Management Right
Proformative, Inc.
 
EGK 2011: Construction 03 IRDS
EGK 2011: Construction 03 IRDSEGK 2011: Construction 03 IRDS
EGK 2011: Construction 03 IRDS
icebauhaus
 
Qualifying criteria
Qualifying criteriaQualifying criteria
Qualifying criteria
anupamjsp
 

Contenu connexe

Tendances

Project risk management principles
Project risk management principlesProject risk management principles
Project risk management principles
alexgr89
 
Operational Risk Management and Bpm
Operational Risk Management and BpmOperational Risk Management and Bpm
Operational Risk Management and Bpm
Nathaniel Palmer
 
Risk identification
Risk identificationRisk identification
Risk identification
murukkada
 
Ballot: Risk Assessments Made Simple
Ballot: Risk Assessments Made SimpleBallot: Risk Assessments Made Simple
Ballot: Risk Assessments Made Simple
Resolver Inc.
 
Risk Management
Risk ManagementRisk Management
Risk Management
ysshah
 
Strategic Risk Management as a CFO: Getting Risk Management Right
Strategic Risk Management as a CFO: Getting Risk Management RightStrategic Risk Management as a CFO: Getting Risk Management Right
Strategic Risk Management as a CFO: Getting Risk Management Right
Proformative, Inc.
 

Tendances (20)

Risk Management Process Steps PowerPoint Presentation Slides
Risk Management Process Steps PowerPoint Presentation Slides Risk Management Process Steps PowerPoint Presentation Slides
Risk Management Process Steps PowerPoint Presentation Slides
 
Risk Assessment vs. Risk Management in Manufacturing
Risk Assessment vs. Risk Management in ManufacturingRisk Assessment vs. Risk Management in Manufacturing
Risk Assessment vs. Risk Management in Manufacturing
 
Risk management
Risk managementRisk management
Risk management
 
Project risk management principles
Project risk management principlesProject risk management principles
Project risk management principles
 
Risk Management Software
Risk Management SoftwareRisk Management Software
Risk Management Software
 
Operational Risk Management and Bpm
Operational Risk Management and BpmOperational Risk Management and Bpm
Operational Risk Management and Bpm
 
Risk management
Risk managementRisk management
Risk management
 
Data Driven Risk Management
Data Driven Risk ManagementData Driven Risk Management
Data Driven Risk Management
 
Risk management
Risk managementRisk management
Risk management
 
Enterprise risk & risk management - I
Enterprise risk & risk management - IEnterprise risk & risk management - I
Enterprise risk & risk management - I
 
Risk identification
Risk identificationRisk identification
Risk identification
 
Ballot: Risk Assessments Made Simple
Ballot: Risk Assessments Made SimpleBallot: Risk Assessments Made Simple
Ballot: Risk Assessments Made Simple
 
2010; Risk Management Workshop Rev.1.1
2010; Risk Management Workshop Rev.1.12010; Risk Management Workshop Rev.1.1
2010; Risk Management Workshop Rev.1.1
 
Enterprise Risk Management
Enterprise Risk ManagementEnterprise Risk Management
Enterprise Risk Management
 
Building an Effective AML Program
Building an Effective AML ProgramBuilding an Effective AML Program
Building an Effective AML Program
 
Risk Management Best Practices
Risk Management Best PracticesRisk Management Best Practices
Risk Management Best Practices
 
Risk Management
Risk ManagementRisk Management
Risk Management
 
Improve Your Risk Assessment Process in 4 Steps
Improve Your Risk Assessment Process in 4 StepsImprove Your Risk Assessment Process in 4 Steps
Improve Your Risk Assessment Process in 4 Steps
 
Risk management process
Risk management processRisk management process
Risk management process
 
Strategic Risk Management as a CFO: Getting Risk Management Right
Strategic Risk Management as a CFO: Getting Risk Management RightStrategic Risk Management as a CFO: Getting Risk Management Right
Strategic Risk Management as a CFO: Getting Risk Management Right
 

En vedette

EGK 2011: Construction 03 IRDS
EGK 2011: Construction 03 IRDSEGK 2011: Construction 03 IRDS
EGK 2011: Construction 03 IRDS
icebauhaus
 
Qualifying criteria
Qualifying criteriaQualifying criteria
Qualifying criteria
anupamjsp
 
Construction and erection risks assessment engineering outlook
Construction and erection risks assessment engineering outlookConstruction and erection risks assessment engineering outlook
Construction and erection risks assessment engineering outlook
George Kazantsev
 
Logistic & supply chain management
Logistic & supply chain management Logistic & supply chain management
Logistic & supply chain management
Amal selva
 
Understanding_Construction_Risk_Assessment
Understanding_Construction_Risk_AssessmentUnderstanding_Construction_Risk_Assessment
Understanding_Construction_Risk_Assessment
Craig Ihde
 
Project Risk Management (10)
Project Risk Management (10) Project Risk Management (10)
Project Risk Management (10)
Serdar Temiz
 
Project Risk register
Project Risk registerProject Risk register
Project Risk register
Kashif Mastan
 

En vedette (20)

EGK 2011: Construction 03 IRDS
EGK 2011: Construction 03 IRDSEGK 2011: Construction 03 IRDS
EGK 2011: Construction 03 IRDS
 
Qualifying criteria
Qualifying criteriaQualifying criteria
Qualifying criteria
 
Construction and erection risks assessment engineering outlook
Construction and erection risks assessment engineering outlookConstruction and erection risks assessment engineering outlook
Construction and erection risks assessment engineering outlook
 
2011 Aon Industry Risk Report - Construction
2011 Aon Industry Risk Report - Construction2011 Aon Industry Risk Report - Construction
2011 Aon Industry Risk Report - Construction
 
Logistic & supply chain management
Logistic & supply chain management Logistic & supply chain management
Logistic & supply chain management
 
Understanding_Construction_Risk_Assessment
Understanding_Construction_Risk_AssessmentUnderstanding_Construction_Risk_Assessment
Understanding_Construction_Risk_Assessment
 
Procurement management
Procurement managementProcurement management
Procurement management
 
procurement plan details
procurement plan detailsprocurement plan details
procurement plan details
 
Project Risk Management (10)
Project Risk Management (10) Project Risk Management (10)
Project Risk Management (10)
 
Pmbok 4th edition chapter 5 - Project Scope Management
Pmbok 4th edition chapter 5 - Project Scope Management Pmbok 4th edition chapter 5 - Project Scope Management
Pmbok 4th edition chapter 5 - Project Scope Management
 
Project Risk register
Project Risk registerProject Risk register
Project Risk register
 
Procurement Plan
Procurement PlanProcurement Plan
Procurement Plan
 
The Basics of Tendering & Bidding
The Basics of Tendering & BiddingThe Basics of Tendering & Bidding
The Basics of Tendering & Bidding
 
Project Management Plan Template
Project Management Plan TemplateProject Management Plan Template
Project Management Plan Template
 
PROJECT SCHEDULE
PROJECT SCHEDULEPROJECT SCHEDULE
PROJECT SCHEDULE
 
Resource allocation
Resource allocationResource allocation
Resource allocation
 
Project Scope Management - PMBOK 5th Edition
Project Scope Management - PMBOK 5th EditionProject Scope Management - PMBOK 5th Edition
Project Scope Management - PMBOK 5th Edition
 
Supplier Risk Assessment
Supplier Risk AssessmentSupplier Risk Assessment
Supplier Risk Assessment
 
Project Scheduling
Project SchedulingProject Scheduling
Project Scheduling
 
Procurement: Strategies | Best Practices
Procurement: Strategies | Best PracticesProcurement: Strategies | Best Practices
Procurement: Strategies | Best Practices
 

Similaire à Risk Assessment And Risk Treatment

Sanitised Project Plan for Project Management
Sanitised Project Plan for Project ManagementSanitised Project Plan for Project Management
Sanitised Project Plan for Project Management
Sandy Clements
 
MCGlobalTech Cyber Capability Statement_Final
MCGlobalTech Cyber Capability Statement_FinalMCGlobalTech Cyber Capability Statement_Final
MCGlobalTech Cyber Capability Statement_Final
William McBorrough
 
u10a1-Risk Assessment Report-Beji Jacob
u10a1-Risk Assessment Report-Beji Jacobu10a1-Risk Assessment Report-Beji Jacob
u10a1-Risk Assessment Report-Beji Jacob
Beji Jacob
 
Project Risk Management Plan © 2015 by Jones & Bartl.docx
Project Risk Management Plan © 2015 by Jones & Bartl.docx Project Risk Management Plan © 2015 by Jones & Bartl.docx
Project Risk Management Plan © 2015 by Jones & Bartl.docx
gertrudebellgrove
 
Project Risk Management Plan © 2015 by Jones & Bartl.docx
Project Risk Management Plan © 2015 by Jones & Bartl.docx Project Risk Management Plan © 2015 by Jones & Bartl.docx
Project Risk Management Plan © 2015 by Jones & Bartl.docx
aryan532920
 
PROJECT FAST INVENTORY Delivere.docx
PROJECT FAST INVENTORY Delivere.docxPROJECT FAST INVENTORY Delivere.docx
PROJECT FAST INVENTORY Delivere.docx
woodruffeloisa
 
Project Risk Management Plan © 2015 by Jones & Bartl.docx
Project Risk Management Plan © 2015 by Jones & Bartl.docxProject Risk Management Plan © 2015 by Jones & Bartl.docx
Project Risk Management Plan © 2015 by Jones & Bartl.docx
AASTHA76
 
TaskYou are required to prepare for this Assessment Item by1..docx
TaskYou are required to prepare for this Assessment Item by1..docxTaskYou are required to prepare for this Assessment Item by1..docx
TaskYou are required to prepare for this Assessment Item by1..docx
bradburgess22840
 
TaskYou are required to prepare for this Assessment Item by1..docx
TaskYou are required to prepare for this Assessment Item by1..docxTaskYou are required to prepare for this Assessment Item by1..docx
TaskYou are required to prepare for this Assessment Item by1..docx
deanmtaylor1545
 

Similaire à Risk Assessment And Risk Treatment (20)

Iso 27001 Audit Evidence Acquisitionv3
Iso 27001 Audit Evidence Acquisitionv3Iso 27001 Audit Evidence Acquisitionv3
Iso 27001 Audit Evidence Acquisitionv3
 
Sample Risk Assessment Report- QuantumBanking.pdf
Sample Risk Assessment Report- QuantumBanking.pdfSample Risk Assessment Report- QuantumBanking.pdf
Sample Risk Assessment Report- QuantumBanking.pdf
 
Sanitised Project Plan for Project Management
Sanitised Project Plan for Project ManagementSanitised Project Plan for Project Management
Sanitised Project Plan for Project Management
 
Risk Insight v1.0 User Guide
Risk Insight v1.0 User GuideRisk Insight v1.0 User Guide
Risk Insight v1.0 User Guide
 
Enterprise 360 degree risk management
Enterprise 360 degree risk managementEnterprise 360 degree risk management
Enterprise 360 degree risk management
 
Guide to Software Estimation
Guide to Software EstimationGuide to Software Estimation
Guide to Software Estimation
 
MCGlobalTech Cyber Capability Statement_Final
MCGlobalTech Cyber Capability Statement_FinalMCGlobalTech Cyber Capability Statement_Final
MCGlobalTech Cyber Capability Statement_Final
 
Web Application Penetration Tests - Reporting
Web Application Penetration Tests - ReportingWeb Application Penetration Tests - Reporting
Web Application Penetration Tests - Reporting
 
u10a1-Risk Assessment Report-Beji Jacob
u10a1-Risk Assessment Report-Beji Jacobu10a1-Risk Assessment Report-Beji Jacob
u10a1-Risk Assessment Report-Beji Jacob
 
Project Risk Management Plan © 2015 by Jones & Bartl.docx
Project Risk Management Plan © 2015 by Jones & Bartl.docx Project Risk Management Plan © 2015 by Jones & Bartl.docx
Project Risk Management Plan © 2015 by Jones & Bartl.docx
 
Project Risk Management Plan © 2015 by Jones & Bartl.docx
Project Risk Management Plan © 2015 by Jones & Bartl.docx Project Risk Management Plan © 2015 by Jones & Bartl.docx
Project Risk Management Plan © 2015 by Jones & Bartl.docx
 
PROJECT FAST INVENTORY Delivere.docx
PROJECT FAST INVENTORY Delivere.docxPROJECT FAST INVENTORY Delivere.docx
PROJECT FAST INVENTORY Delivere.docx
 
Project Risk Management Plan © 2015 by Jones & Bartl.docx
Project Risk Management Plan © 2015 by Jones & Bartl.docxProject Risk Management Plan © 2015 by Jones & Bartl.docx
Project Risk Management Plan © 2015 by Jones & Bartl.docx
 
Enterprise governance risk_compliance_fcm slides
Enterprise governance risk_compliance_fcm slidesEnterprise governance risk_compliance_fcm slides
Enterprise governance risk_compliance_fcm slides
 
Ffiec cat may_2017
Ffiec cat may_2017Ffiec cat may_2017
Ffiec cat may_2017
 
FACT-Brochure
FACT-BrochureFACT-Brochure
FACT-Brochure
 
Enisa rm deliverable2-final-version-v1.0-2006-03-30
Enisa rm deliverable2-final-version-v1.0-2006-03-30Enisa rm deliverable2-final-version-v1.0-2006-03-30
Enisa rm deliverable2-final-version-v1.0-2006-03-30
 
Sample audit plan
Sample audit planSample audit plan
Sample audit plan
 
TaskYou are required to prepare for this Assessment Item by1..docx
TaskYou are required to prepare for this Assessment Item by1..docxTaskYou are required to prepare for this Assessment Item by1..docx
TaskYou are required to prepare for this Assessment Item by1..docx
 
TaskYou are required to prepare for this Assessment Item by1..docx
TaskYou are required to prepare for this Assessment Item by1..docxTaskYou are required to prepare for this Assessment Item by1..docx
TaskYou are required to prepare for this Assessment Item by1..docx
 

Plus de Ben Omoakin Oguntala, developingafrica(dot)net

Iso 27001 Audit Evidence Acquisition
Iso 27001 Audit Evidence AcquisitionIso 27001 Audit Evidence Acquisition
Iso 27001 Audit Evidence Acquisition
Ben Omoakin Oguntala, developingafrica(dot)net
 

Plus de Ben Omoakin Oguntala, developingafrica(dot)net (15)

Developing Africa Ode Remo brochure
Developing Africa Ode Remo brochureDeveloping Africa Ode Remo brochure
Developing Africa Ode Remo brochure
 
Developing Africa - Ode Remo
Developing Africa - Ode RemoDeveloping Africa - Ode Remo
Developing Africa - Ode Remo
 
Thisday story with Oguntala
Thisday story with OguntalaThisday story with Oguntala
Thisday story with Oguntala
 
Africa secretariat - The Home of African raw materials
Africa secretariat - The Home of African raw materials Africa secretariat - The Home of African raw materials
Africa secretariat - The Home of African raw materials
 
Data Leakage Prevention
Data Leakage PreventionData Leakage Prevention
Data Leakage Prevention
 
Data Protection Compliance In Economically Depressing Times
Data Protection Compliance In Economically Depressing TimesData Protection Compliance In Economically Depressing Times
Data Protection Compliance In Economically Depressing Times
 
Privacy Impact Assessment Final
Privacy Impact Assessment FinalPrivacy Impact Assessment Final
Privacy Impact Assessment Final
 
Managing Information Asset Register
Managing Information Asset RegisterManaging Information Asset Register
Managing Information Asset Register
 
Fraud Monitoring Solution
Fraud Monitoring SolutionFraud Monitoring Solution
Fraud Monitoring Solution
 
Conformidad De Seguridad De InformacióNv2
Conformidad De Seguridad De InformacióNv2Conformidad De Seguridad De InformacióNv2
Conformidad De Seguridad De InformacióNv2
 
Iso 27001 Audit Evidence Acquisition
Iso 27001 Audit Evidence AcquisitionIso 27001 Audit Evidence Acquisition
Iso 27001 Audit Evidence Acquisition
 
Gprs/3G Troubleshooter
Gprs/3G TroubleshooterGprs/3G Troubleshooter
Gprs/3G Troubleshooter
 
Pci V2
Pci V2Pci V2
Pci V2
 
FoI
FoIFoI
FoI
 
Dpa V3
Dpa V3Dpa V3
Dpa V3
 

Dernier

Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 

Dernier (20)

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 

Risk Assessment And Risk Treatment

  • 1. www.riesgoriskmanagement.com info@riesgoriskmanagement.com Risk assessment and risk treatment www.riesgoriskmanagement.com Contents Introduction ............................................................................................................................................ 2 Process overview .................................................................................................................................... 2 Risk assessment initiation: project submission & initial survey ............................................................. 3 The project registration form ................................................................................................................. 4 The submitted project registration form ................................................................................................ 5 Project register........................................................................................................................................ 7 The risk assessment ................................................................................................................................ 8 Project risk identification ........................................................................................................................ 9 Information Asset risk assessment ....................................................................................................... 10 Business impact assessment ................................................................................................................. 11 Risk assessment of assets ..................................................................................................................... 12 Risk management dashboards .............................................................................................................. 13 1
  • 2. www.riesgoriskmanagement.com info@riesgoriskmanagement.com Introduction This document describes how www.riesgoriskmanagement.com ISO27001 compliance tool via its risk management function handles risk assessment and risk treatment. The following assumptions are made: 1. There is an Information security/compliance team in place 2. There are business processes in place with the Project teams and business units to submit projects and business changes as and when they occur. 3. There is a Risk Assurance forum in place to handle risks raised by the organisation on a periodic basis. 4. There is a minimum security policy in place in which all projects, business changes have to adhere to. Process overview The diagram below depicts the process by which projects are submitted and assessed, have their risks mitigated as well as the risk management and assurance. 2
  • 3. www.riesgoriskmanagement.com info@riesgoriskmanagement.com Risk assessment initiation: project submission & initial survey The initial stage of risk assessment begins with project teams or business units submitting projects or business changes for assessment. For the sake simplicity, we provide a web based forms where project managers, business units can submit their projects or change requests. In order not to overwhelm the system, we have a project survey; this form completed by the project team or business unit and provides all the relevant information about the project. The initial survey is designed with rating system, depending on the selected entities, the project may score low or high. Low projects tend to be projects that either does not impact significant areas i.e. credit cards or confidential data or indicative a project that even though it impacts significant areas has adopted the correct minimum level for compliance. In either case, the project is submitted to the information security team for review. The picture below shows the function the team leader to allocate project to a team of consultants. 3
  • 4. www.riesgoriskmanagement.com info@riesgoriskmanagement.com The project registration form The form will be made available on your intranet to allow all business units regardless of their geographical location to be able to access the form and complete the project registration. 4
  • 5. www.riesgoriskmanagement.com info@riesgoriskmanagement.com The submitted project registration form Once completed, the project results are displayed to the project team and an alert is sent to the information security/compliance team with an indication of the result. The Survey score indicates that the project has scored low. The fields can be changed to accommodate the specific requirements of your organisation and the risk ratings can be changed to also reflect to your risk appetite. The risk score can be high, medium or low. All projects submitted can be viewed by the information security/compliance team and they can decide on which of the projects they wish to assess further. Traditionally, only medium and high risk projects are further assessed. If the information security/compliance team have several members that share work, we have the functionality for the team leader role who will deal with allocating projects to teams members. 5
  • 7. www.riesgoriskmanagement.com info@riesgoriskmanagement.com Project register The project register submitted to the information security or compliance team provides the team with details of the project as well as the relevant for billing and time scale. The solution provides the team with the flexibility to provide their services to business units in remote locations and maintain the same level of assurance. Each project will also contain the full documentation set for the project either on teamrooms or as attachment, the documentations can include, PID, BRS, HLD and or LLD. 7
  • 8. www.riesgoriskmanagement.com info@riesgoriskmanagement.com The risk assessment Once the project has been assigned to a consultant, he or she would be able to pick up the project and review the details as well as carry out the business impact assessment. This BIA framework can incorporate your current risk management templates. The project dashboard reveals to the consultant the project details, the FRS survey carried out and he or she can initiate the Business impact assessment. If the team operates a milestone approval gate system, then the project milestones will also be available to the consultant for approval on due dates. The reports are also available to the project team for review and feedbacks. The diagram below describes how The consultant can add a new BIA as well as add stakeholders 8
  • 9. www.riesgoriskmanagement.com info@riesgoriskmanagement.com Project risk identification When the Consultant goes through the project documentation and has his or her meetings with them to identify the intentions and proposals from the project, the tool provide the option to register the risks identified in the project. The risk will identify the business impact, likelihood of occurrence as well as residual risks associated with the risk. The risk will be stored on the project risk register and reviewed periodically at each project milestone. The project register will be available to projects and information security/compliance teams to review and mitigate. As each mitigation is addressed and approved, the risk register will be updated to ensure there are no stagnant risks. 9
  • 10. www.riesgoriskmanagement.com info@riesgoriskmanagement.com Information Asset risk assessment Each information Asset is registered per business unit or organisation. The business unit can upload their assets and either carry out their risk assessment based on Confidentiality, Integrity and availability (CIA) using the standard risk matrix calculates the business impact assessment by defining the business risk, likelihood of occurrence and residual risk. The picture below shows how an information security/compliance team can view all the information assets from each business unit. When each business logs on, they will only be able to see their own assets whilst the information security/compliance can see the entire organisation. If the information asset was completed by the business unit, the information security/compliance team can review the information added and adjust accordingly or produce baseline policies for dealing with specific data for example, fraud, confidential or business sensitive assets. 10
  • 11. www.riesgoriskmanagement.com info@riesgoriskmanagement.com Business impact assessment The consultants can initiate their Business impact assessment for the project either by uploading their own BIA documents or if teamrooms are used setup a link to the central document repository. Once the BIA is uploaded, 11
  • 12. www.riesgoriskmanagement.com info@riesgoriskmanagement.com Risk assessment of assets The information asset can be edited to suit its current status. Each Asset is given an Asset ID and detail description provided including, data input and output as well as with whom the information asset is being shared. 12
  • 13. www.riesgoriskmanagement.com info@riesgoriskmanagement.com Risk management dashboards The tool provides several risk management dashboards depending on the desire of the organisation The project dashboard Asset list 13