SECURITY RISK MANAGEMENT
Brisk Risk management is the process of identifying risk, assessing risk, and taking steps to reduce risk to an acceptable level. Brisk Risk management encompasses three processes: risk assessment, risk mitigation, and evaluation and assessment. Security risk assessment is an ongoing process of discovering, correcting and preventing security problems. The risk assessment is an integral part of a risk management process designed to provide appropriate levels of security for information systems.
- Identify, assess and quantify your risks
- Optimise your security spending to focus on what matters to your organisation
- Reduce risk and demonstrate compliance
- Non-corporate organisations need to develop a security risk management process to identify specific risks to their people, information and assets
The following are common tasks that will be performed in any security risk management. The actual tasks performed will depend on each organisation’s assessment scope and user requirements:
- Identifying business needs
- Reviewing existing security policies, standards, guidelines and procedures.
- Analysing assets, threats and vulnerabilities including their impacts
- Assessing physical protection applied to computing equipment and other network components.
- Conducting technical and procedural review of network architecture, protocols and components
- Analysing the network architecture, protocols and components to ensure that they are implemented according to the security policies.
- Reviewing and checking the configuration, implementation and usage of remote access systems, servers, firewalls and external network connections, including the client Internet connection.
- Reviewing logical access and other authentication mechanisms.
- Reviewing current level of security awareness and commitment of staff within the organisation.
- Reviewing agreements involving services or products from vendors and contractors.
- Developing practical technical recommendations to address the vulnerabilities identified and reduce the level of security risk.
- Visualising the risk from the business perspective.
- Curtailing time on managing risk.
- Non collating and manipulating risk data.
- Cost Justification.
How is Risk IT relevant to the governance of enterprise IT?
Risk management is one of the five focus areas of IT governance, alongside strategic alignment, value delivery, performance measurement and resource management.
How is the Risk IT framework structured?
The Risk IT framework is structured according to three domains: