Risk Assessment Process – Information Security
This document presents a risk assessment process this is designed to enable agencies to systematically identify, analyse and evaluate the information security risks associated with an information system or service together with the controls required to manage them.
During a risk assessment it is essential to establish the business and technical context of the information system being reviewed. Establishing the context ensures that the businesses objectives are captured and that the internal and external factors that influence the risks are considered. It also sets the scope for the rest of the process.