...

List of possible participants in a risk assessment workshop:

  • Management (defining risk appetite)
  • Information Security Manager/Officer
  • Risk owners / Asset owners
  • Risk assessment facilitator


Risk treatment and residual risk

...

  • The organization's ownership of ICT
  • Information security policy and guidelines
  • Organization of information security
  • Resources
  • Expertise, skills and safety culture
  • Employee safety
  • Architecture
  • Work processes
  • Roles and responsibilities
  • Establishment and maintenance of portfolio
  • Innovation
  • Decision-making on ICT investments
  • Acquisition, development and maintenance of ICT systems / services
  • Quality assurance
  • Supplier relations
  • Handling of information assets
  • Access control
  • Operation and management
  • Infrastructure
  • Software
  • Data communication security
  • Cryptography
  • Malware and logical attacks
  • Social engineering
  • Theft or destruction
  • Disloyal employees
  • Physical and environmental areas
  • Geopolitical conditions
  • Handling of information security incidents
  • Continuity plans
  • Compliance with laws, rules and agreements
  • Communication


Tools/Aids