Risk Register

Preconditions

To start a risk analysis, it is wise to meet at least the following conditions.

  • The order to perform a risk analysis must come from the person who owns the information on which the risk analysis must be performed. This person becomes the risk owner of the identified risks.
  • The order to perform a risk analysis must have a clear scope. Choosing the right scope is important for obtaining useful results from a risk analysis. A process, a department or a project is a good choice of scope. An information system is less ideal as a scope, because the view may then be too narrow: the information in an information system may be part of a process that extends beyond that information system. To assess whether an information system is secure, a penetration test is a better approach. To assess whether a network is secure, threat modeling is a better approach.
  • The task of supervising the risk analysis must be assigned to someone who has sufficient knowledge of it. This person becomes the risk analysis process facilitator. The information owner remains responsible for making preparations and organizing the analysis session.