Conducting Risk Assessments

Information Security Risk Assessments Process Mind Map (Ref: NIST - 800-30)

1. Risk Management process

2. Risk Assessment

3. Key Risk Concepts

3.1. Risk Models

3.2. Assessment Approaches

3.3. Analysis Approaches

3.4. Effects of Organizational Culture on Risk Assessments

4. Application of Risk Assessments

4.1. Risk Assessments at the Organizational Tier

4.2. Risk Assessments at the Mission/Business Process Tier

4.3. Risk Assessments at the Information System Tier

4.4. Risk Communications and Information Sharing

5. Preparing for the Risk Assessment

5.1. Identify Purpose

5.2. Identify Scope

5.3. Identify Assumptions and Constraints

5.4. Identify Information Sources

5.5. Identify Risk Model and Analytic Approach

6. Conduct the Assessment

6.1. Identify Threat Sources

6.2. Identify Threat Events

6.3. Identify Vulnerabilities and Predisposing Conditions

6.4. Determine Likelihood

6.5. Determine Impact

6.6. Determine Risk

7. Communication and Sharing of Risk Assessment Information

7.1. Communicate and Share Risk Assessment Results

7.1.1. Communicate Results

7.1.2. Share Risk-Related Information

7.2. Maintaining the Risk Assessment

7.2.1. Monitor Risk Factors

7.2.2. Update Risk Assessment