GIS Information Portals
Risk assessment is a process whereby the assets of a company are identified and assigned a value, probable threats to those assets are identified, and countermeasures are then selected to protect against those threats.
Determining assets at risk
In order to proceed in some logical order, assets are first categorized into groups and are presented from the most expendable to the most valuable.
Threat and vulnerability assessment
This step establishes what is considered a threat, the probability of that threat occurring, and what impact it will have on the asset. The process usually includes external and internal network penetration testing.
Risk Assessment and Countermeasures
As the collected data is evaluated, top management will have to determine what acceptable risk is and how to deal with it in order to protect the asset and mitigate the risk.
After the risk assessment process, a remediation report is generated. The report is delivered to the IT manager, who allocates the resources needed to execute the remediation steps.
Monitoring of Controls
At this stage, risk assessment moves from a process to an ongoing program. As controls are put into place, the task becomes providing feedback on their effectiveness. If a control is not having the desired result, changes will have to be made. As new threats are identified or new assets are introduced, this new information feeds back into the loop so that the risk can be mitigated and appropriate adjustments made. Further, if the value of assets is not adjusted as they depreciate or as other economic trends affect their value, the data becomes invalid.