What is a risk assessment?
An information security risk assessment is an important part of ISO 27001 and GDPR and forms part of a wider risk management process. The aim is to identify and assess the hazards and risks surrounding the organisation’s information assets so it can decide on a plan of action, including how it will treat the risks. Understanding the risks and putting the necessary controls in place to mitigate them will reduce the likelihood of a data breach or cyber attack taking place.
When planning a risk assessment, it is important to define the risk methodology, list your information assets, identify the threats and vulnerabilities affecting those assets, and assess the level of risk each one presents.