Companies today face growing insecurity and complexity, which complicates the management of their technical and business risks. How well operational risk is managed has a significant influence on the quality and success of project management, which in turn is an important factor in a successful market position, and it requires clear, measurable and iterative risk management processes.
Basel II defines operational risk as “the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events”. Information security risk is the narrower case: the possibility that an undesired event occurs and harms the confidentiality, integrity or availability of information or of the resources that process it.
The risk management process answers the following questions:
- How to harmonize business and security requirements,
- Which direction to take when implementing controls that raise the level of information security,
- How to reduce risks to an acceptable level, so that the investment remains justified in business and financial terms.
Risk assessment is the basis for connecting the information security management system (ISMS) and the business continuity management system (BCMS) with the company’s business strategy.
The process consists of the following activities, each of which produces a documented output:

| Activity | Output |
|---|---|
| Establishing the scope of risk management | Risk management scope |
| Establishing the risk assessment methodology | Risk assessment methodology |
| Resource identification and assessment | Resource catalogue |
| Identification of threats and vulnerabilities | Risk assessment report |
| Compiling recommendations for risk reduction | Risk assessment proposal |
| Establishing processes/procedures for periodic risk assessment | Risk management process/procedure |