The purpose of the risk assessment is to evaluate the adequacy of the organization’s security. The risk assessment provides a structured qualitative assessment of the operational environment.
It addresses sensitivity, vulnerabilities, risks and safeguards. The assessment recommends safeguards to mitigate threats and associated exploitable vulnerabilities.
Approach to provide the service
This risk assessment is conducted using the Defense In Depth methodology. The assessment evaluates security vulnerabilities affecting confidentiality, integrity, and availability. The assessment recommends appropriate security safeguards, allowing management to make knowledge-based decisions about security-related initiatives.
Risk Assessment Process
This section details the risk assessment process performed during this effort. The process is divided into two sections: pre-assessment and assessment.
Phase I: Pre-Assessment
Step 1: Identify business processes and define the assets
Step 2: Data Collection
Phase II: Assessment
Step 1: Document Review
Step 2: System Characterization
Step 3: Vulnerability Identification
Step 4: Risk Determination (Calculation/Valuation)