As many of you know, this is one of the main projects in the ISM community, and there are different perspectives on the best method to perform a Risk Assessment. I am really hoping to get some good feedback across industries on this question.
Where does the Risk Assessment methodology come from?
I know many asset risk assessments are based on the NIST and OCTAVE methods, which is usually the work I perform. Many of the process based risk assessments I have seen are done by auditors (the Big 5 type companies). When reviewing many of these I notice they all seem different, so I’m not sure which methods they follow (some use COBIT). Most organizations I have consulted for use the Audit department to perform the process risk assessment, while the asset risk assessment is usually done in a separate group or by information security.
Asset Risk Assessment: Brief overview
The asset based risk assessment that I perform usually focuses on asset risk in terms of the people, processes, and technology. With that said, I do not map every process, as a process risk assessment does. The end result of the assessment is a list of asset groups (prioritized by severity), threats (assigned a value based on likelihood) mapped to each asset group, and vulnerabilities (ranked by impact and how easy it is to compromise) associated with each asset group. All of these (assets, threats, vulnerabilities) have scores associated with them that, when added up, produce a risk score. Risk-prioritized recommendations are then created to remediate the vulnerabilities.
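The scoring described above, sketched as an added example (not the author's own tooling): the 1 to 5 scales, the tie-break rule and the sample register are assumptions made here for illustration. Because the scores are simply added, an asset group with more mapped threats and vulnerabilities scores higher.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Threat:
    name: str
    likelihood: int   # assumed scale: 1 (rare) .. 5 (expected)

@dataclass(frozen=True)
class Vulnerability:
    name: str
    impact: int       # assumed scale: 1 (minor) .. 5 (severe)
    ease: int         # assumed scale: 1 (hard to compromise) .. 5 (trivial)

@dataclass
class AssetGroup:
    name: str
    severity: int     # assumed scale: 1 (low) .. 5 (critical)
    threats: list = field(default_factory=list)
    vulnerabilities: list = field(default_factory=list)

def risk_score(group):
    """Add the asset, threat and vulnerability scores, as the post describes."""
    return (group.severity
            + sum(t.likelihood for t in group.threats)
            + sum(v.impact + v.ease for v in group.vulnerabilities))

def remediation_plan(groups):
    """List (asset group, vulnerability, group risk score), highest risk first.
    Ties on group risk are broken by the vulnerability's own impact + ease."""
    rows = [(risk_score(g), v.impact + v.ease, g.name, v.name)
            for g in groups for v in g.vulnerabilities]
    rows.sort(key=lambda r: (-r[0], -r[1], r[2], r[3]))
    return [(group, vuln, total) for total, _, group, vuln in rows]

# Constructed sample register (illustrative names and values).
GROUPS = [
    AssetGroup("Public website", 2, [Threat("External attacker", 5)],
               [Vulnerability("Outdated CMS plugin", 3, 4)]),
    AssetGroup("Customer database", 5,
               [Threat("External attacker", 4), Threat("Insider misuse", 2)],
               [Vulnerability("Shared admin account", 4, 3),
                Vulnerability("Unpatched DBMS", 5, 4)]),
    AssetGroup("HR file share", 3, [Threat("Insider misuse", 3)],
               [Vulnerability("Overly broad ACLs", 3, 5)]),
]

if __name__ == "__main__":
    for group, vuln, total in remediation_plan(GROUPS):
        print(f"{total:>3}  {group:<18} {vuln}")
```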
We need both!
Is the asset assessment better than a process assessment? I don’t think so, but most organizations that I have consulted (on risk assessment) have problems with a process based risk assessment when it is done alone. However, when combined together both methods usually cover most areas of risk. Again, I don’t think either one is better than the other. I believe we need a mechanism in place to assess both the asset and its associated processes.
What is your view?
Dear,
This is a very interesting topic and I thank you for discussing it. If you have process based assessments, it would be great if you could share some samples. I’m also wondering why a process based assessment will not be enough? Is it because you usually find assets that you cannot map to certain assets? Although this must be challenged, as an asset that is not supporting any business process should not be there in the first place. I hope we can discuss this more.
Thank you
Sorry, I meant assets you cannot map to a business process, on the fourth line of my previous comment
It’s like you read my mind! You seem to know so much about this, like you wrote the book on it or something. I think that you could do with a few pics to drive the message home a little bit, but other than that, this is a wonderful blog.
An excellent read. I will certainly be back.
Thanks designed for sharing such a good idea, article is fastidious, that’s why I have read it fully
Heya, I’m for the primary time here. I came across this board and I in finding it truly helpful & it helped me out a lot. I’m hoping to offer something again and aid others like you helped me.
hey there and thank you for your info – I’ve certainly picked up anything new from right here. I did however expertise some technical issues using this website, since I experienced to reload the website a lot of times previous to I could get it to load correctly. I had been wondering if your hosting is OK? Not that I am complaining, but slow loading instances times will sometimes affect your placement in google and can damage your high-quality score if ads and marketing with Adwords. Anyway I am adding this RSS to my email and could look out for a lot more of your respective fascinating content. Make sure you update this again very soon.
Article writing is also an excitement, if you be familiar with after that you can write if not it is complicated to write.
That is really attention-grabbing, You’re an excessively skilled blogger. I have joined your feed and look forward to in quest of extra of your excellent post. Also, I’ve shared your website in my social networks
What’s up colleagues, pleasant post and fastidious arguments commented here, I am really enjoying by these.
Understanding the business, identifying the critical business processes and later mapping these processes with the critical assets. I guess that’s the funda.
With having so much written content do you ever run into any problems of plagiarism or copyright violation? My blog has a lot of completely unique content I’ve either written myself or outsourced but it looks like a lot of it is popping it up all over the internet without my agreement. Do you know any solutions to help reduce content from being stolen? I’d certainly appreciate it.
Wow that was odd. I just wrote an extremely long comment but after I clicked submit my comment didn’t appear. Grrrr… well I’m not writing all that over again. Anyway, just wanted to say superb blog!
Heya, I’m for the first time here. I found this board and I find it truly useful & it helped me out a lot. I hope to give something back and aid others like you aided me.
I think the admin of this web site is truly working hard in support of his web site, as here every data is quality based data.
Helpful information. Lucky me I found your site by chance, and I am shocked why this accident didn’t take place earlier! I bookmarked it.
Everything is very open with a clear clarification of the challenges. It was definitely informative. Your site is very useful. Thank you for sharing!
Greetings! Very helpful advice within this article! It’s the little changes that will make the most important changes. Many thanks for sharing!
Cause I’ve written and I’ve written and I’ve written but I don’t have a direction right now.
I simply couldn’t depart your web site before suggesting that I really enjoyed the usual information an individual supply in your visitors? Is going to be back ceaselessly to check out new posts
I’m impressed, I have to admit. Seldom do I come across a blog that’s both equally educative and engaging, and let me tell you, you have hit the nail on the head. The problem is something not enough folks are speaking intelligently about. Now I’m very happy that I stumbled across this in my search for something relating to this.
Marvelous, what a weblog it is! This webpage gives helpful facts to us, keep it up.
I really like reading through an article that will make men and women think.
Also, thank you for permitting me to comment!