Risk assessment

What is a risk assessment?

An information security risk assessment is a core requirement of ISO 27001 and the GDPR and forms part of the wider risk management process. The aim is to identify and assess the hazards and risks surrounding the organisation's information assets so that it can decide on a plan of action, including how each risk will be treated. Understanding the risks and putting the necessary controls in place to mitigate them reduces the likelihood of a data breach or cyber attack taking place.

When planning a risk assessment it is important to define the risk methodology (how likelihood and impact will be scored and what level of risk is acceptable), list your information assets, identify the threats and vulnerabilities affecting each asset, and assess the resulting risk levels so that the highest risks are treated first.
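The following is an added worked example, not code from ISMS.online or from this page, of the steps just described in the form of a minimal qualitative risk register: it assumes a 1-5 likelihood by 1-5 impact scoring methodology with treatment thresholds chosen for illustration, and every asset, threat and score in it is constructed. It shows how defining the methodology up front turns a list of assets and threats into a prioritised treatment plan, and how an entry that uses a level outside the agreed scale is rejected rather than silently scored.

```python
"""Added example (not ISMS.online's code): a minimal qualitative risk register.
The scales, thresholds, assets and threats below are all constructed."""
from dataclasses import dataclass

# Step 1: define the methodology. Assumed 1-5 ordinal scales for likelihood
# and impact; risk score = likelihood x impact (range 1-25).
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}

# Assumed treatment thresholds: part of the methodology, agreed before scoring.
TREAT_THRESHOLD = 15      # must be mitigated or avoided
REVIEW_THRESHOLD = 8      # treat or transfer, risk owner decides
# anything below REVIEW_THRESHOLD is accepted and reviewed periodically


@dataclass
class Risk:
    """Steps 2 and 3: one asset paired with a threat and the vulnerability it exploits."""
    asset: str
    threat: str
    vulnerability: str
    likelihood: str
    impact: str

    def score(self) -> int:
        # Reject levels outside the defined scale instead of guessing a number.
        if self.likelihood not in LIKELIHOOD or self.impact not in IMPACT:
            raise ValueError(f"level outside methodology for {self.asset}: "
                             f"{self.likelihood!r}/{self.impact!r}")
        return LIKELIHOOD[self.likelihood] * IMPACT[self.impact]


def treatment(score: int) -> str:
    """Step 4: map an assessed level to a treatment decision."""
    if score >= TREAT_THRESHOLD:
        return "treat: mitigate or avoid"
    if score >= REVIEW_THRESHOLD:
        return "treat or transfer: owner decision"
    return "accept: review annually"


def build_register(risks: list[Risk]) -> list[dict]:
    """Score every risk and return the register ordered highest risk first."""
    rows = []
    for r in risks:
        s = r.score()
        rows.append({"asset": r.asset, "threat": r.threat,
                     "vulnerability": r.vulnerability,
                     "score": s, "treatment": treatment(s)})
    # Tie-break on asset name so the ordering is deterministic.
    return sorted(rows, key=lambda row: (-row["score"], row["asset"]))


# Constructed sample register entries for illustration only.
SAMPLE_RISKS = [
    Risk("Customer database", "ransomware", "unpatched server", "likely", "severe"),
    Risk("Staff laptops", "theft", "no disk encryption", "possible", "major"),
    Risk("Public website", "defacement", "weak admin password", "possible", "minor"),
    Risk("Email accounts", "phishing", "no multi-factor auth", "likely", "moderate"),
]

if __name__ == "__main__":
    for row in build_register(SAMPLE_RISKS):
        print(f"{row['score']:>2}  {row['asset']:<18} {row['threat']:<12} {row['treatment']}")
```

Run as a script it prints the register ordered from highest to lowest score, which is the order in which treatment decisions should be made. The thresholds are deliberately constants at the top because they are part of the methodology: changing them after scoring has started is how assessments become inconsistent across an organisation.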
