أنشئ حسابًا أو سجّل الدخول للانضمام إلى مجتمعك المهني.
Employ a Risk Management Framework. NIST SP- defines a six-step RMF process that begins with categorizing your system, selecting safeguards and countermeasures, implementing these controls, assessing them for effectiveness and monitoring them to get real time psoture of your system and to maintain an acceptable level of risk. Incoorporating the RMF into the system or business devcelopment life cycle, reduces risks and cost of mitigating the risks that may show up later.
Assessing risk should happen through out this process as you develop the system or business with a risk assessment methodology that characterizes your system, checks for threats and vulnerabilities, determines impact if the threat was to exploit the vulnerability, consider the likelihood of that happening. Risk is a function of threat and vulnerable. Once risk is determined develop a point of action and milestones to address the risks that are unacceptable.
Data collection is key to risk assessment. Use all available, ethical methods at your disposal to collect data on the systems about the description, criticality, sensitivity, etc. to contribute. Better still use and automated tool like OCTAVE, RiskWatch, etc for assessing risk in information systems and the information they contain.
Thank you for the invitation.
This is one of the secret of our Organisation.
Sorry
Thank you for your invitation. I agree with colleagues answer & looking forward to new answer.
Thanks for invitation,
Yes of Course, this usually handling by the specialized "Risk Management " people, whom they are focusing and mentoring all types of risk and ensure how to mitigate in order to minimize its effect toward the organization.
Thank you for inviting me. I agree with our specialists here...................
Thanks
I support the answer which given by colleague obaid
Yes. Strategy is always good if we have change margin in it according to the situations. Just analyze the situations, get updated to change to have idea about type and nature of risk in future and the other ways and procedures to reduce it. It can be a team effort as well.