InfoSec


Security Management  

Assessing Security Risks

The security management cycle starts with an assessment of the security risks. Security Risk Assessment is done to identify what security measures are required. It is the initial step in evaluating and identifying the risks and consequences associated with vulnerabilities, and provides a basis for management to establish a cost-effective security program.

Based on the assessment results, appropriate security protection and safeguards should be implemented to maintain a secure protection framework. This includes developing security policies and guidelines, assigning security responsibilities and implementing technical security precautions and systems.

This step is followed by a cyclic compliance review and re-assessment, designed to provide assurance that security controls are put into place properly in order to meet users' security requirements, and to cope with rapid technological and environmental changes. This relies on continuous feedback and monitoring. The review can be undertaken through periodic security audits to identify what enhancements may be necessary.

By evaluating a list of considerations, you can identify what assets to protect, their relative importance, and each asset's priority ranking for urgency and required level of protection. The flow chart below shows the major steps in Security Risk Assessment.

Security Risk Assessment Steps

1. Planning
2. Information Gathering
3. Risk Analysis
4. Identifying & Selecting Safeguards
5. Implementation *
6. Monitoring *


Copyright 2002. The Government of the Hong Kong Special Administrative Region.