Information Security Risk Assessment

The key to an effective risk management strategy is to develop a uniform methodology to ensure risks are properly identified and classified according to their potential impact upon the business, appropriate risk management controls are put in place, and these controls are monitored for effectiveness.

· The business has a specific set of priorities based on real risks

· By properly determining the value of the business information at risk, plans are developed commensurate with the value of the asset avoiding over-spending on unnecessary security controls

· The organization can demonstrate to auditors that it has taken measured steps to identify and address risk to the business

· Progress can be measured and compared to ensure security spending is meeting its intended purpose.

JCHCI utilizes a standard set of practices to identify and rank the level of impact a specific risk can have on a business.  Because there are as many opinions and methods on how to rate a risk as there are people looking at an issue, the following principles are applied in every JCHCI risk assessment:

· Both qualitative and quantitative approaches are used to identify and classify risk

· Risk will be rated based on the importance an asset has to the business and the likelihood the risk will disrupt the asset’s service

· High-level risk assessments measure the percentage of compliance the company’s security program performs towards the ISO17799/BS7799  international security  standard

Once a risk is rated, JCHCI can help to determine the most cost effective and least disruptive means to address the risk.

Summary

Benefits