Risk assessment

Understand where your focus is necessary.

Assessing risks is vitally important in order to understand where you should focus your attention when considering applying controls. During a risk assessment process, there are four stages that require careful attention:

  1. Prepare
  2. Conduct
  3. Communicate results
  4. Maintain assessment (continually review)

Cybersecurity Frameworks

To assist with the risk management process there are various internationally recognised frameworks that can be referenced for assistance:

Results from risk assessments should be presented as either quantitative or qualitative information.

Quantitative Risk Assessment

Quantitative risk is represented by a numerical value. For example, when considering the risk of a power surge destroying a server, the total should factor in the cost of replacing the server, working hours to replace it, reputational damage for the loss of service etc. Say £10,000.

To calculate the annual loss expectancy you need to identify the frequency of the risk occurring (say four months) and calculate an annual percentage, then times this by the cost. In our example this would be:

1 / 4 x 100 = 25%

25% x £10000 = £2500 annual loss expectancy.

Qualitative Risk Assessment

Qualitative risk is represented by a description or category. This could for example be a grading one to 10 or low / medium / high or critical / essential / important etc. To conduct a qualitative risk assessment you need to grade both the likelihood and impact of the risk. The resulting risk is a factor of both, but not necessarily an equation.

This risk assessment process enables businesses to properly consider the full breadth and depth of the risk. Through the application of controls (or none at all), risk can either be avoided, accepted, transferred or mitigated.

Assessment overview

Connect with usGet in touch with our security experts

Our team is available for a quick call or video meeting. Let's connect and discuss your security challenges, dive into vendor comparison reports, or talk about your upcoming IT-projects. We are here to help.

Placeholder for Portrait of engineer beard wearing poloPortrait of engineer beard wearing polo

Latest news and blog posts