Formal Risk Assessment

Risk assessment is a straightforward and simple concept. Unfortunately, not many organizations understand what it really is. The result is botched risk assessment exercises that serve no real purpose except, in some cases, meeting the requirement of compliance standards (e.g., PCI DSS, ISO 27001) for a formal risk analysis.

Risk Assessment – What it really is

A risk assessment is analogous in many ways to visiting a hospital for a general health checkup. A qualified doctor examines the patient for signs of ill health and accordingly does one of the following two things:

A risk assessment works in much the same way. The objective is to analyze the current security posture of the environment, identify current problems, and anticipate what could go wrong in the future. So far so good. However, organizations face a number of challenges in implementing a risk assessment, some of which are as follows:

Challenges in Risk Assessment

However, working through these challenges is worth the effort, since a risk assessment brings many benefits to the organization:

Benefits of Risk Assessment:

How SISA can help: