Assessing Security Risks
The security management cycle starts with an assessment of the security risks. A Security Risk Assessment identifies what security measures are required. It is the initial step in identifying and evaluating the risks, and the consequences, associated with vulnerabilities, and it provides the basis on which management can establish a cost-effective security program.
Based on the assessment results, appropriate security protection and safeguards should be implemented to maintain a secure protection framework. This includes developing security policies and guidelines, assigning security responsibilities, and implementing technical security precautions and systems.
This step is followed by a cyclic compliance review and re-assessment, designed to provide assurance that security controls are put in place properly, meet users' security requirements, and keep pace with rapid technological and environmental changes. This relies on continuous feedback and monitoring. The review can be undertaken through periodic security audits that identify what enhancements may be necessary.
By evaluating a list of considerations, you can identify which assets to protect, their relative importance, and each asset's priority ranking for urgency and required level of protection.
The flow chart below shows the major steps in Security Risk Assessment.
Security Risk Assessment Steps (flow chart)