CEB Blogs



The 8 Types of Risk Assessment You Should Know About

Understanding each of these can help explain to colleagues why and how you need to conduct a risk assessment

“Risk assessment” has become a popular term in business, government, education, and many more places besides, and it has almost as many definitions as it has settings. All kinds of corporate functions, for example, from finance to procurement teams, will ask line partners to help them with a risk assessment.

For information security teams who are trying to impose order on a huge and complex new risk category, it’s imperative that their colleagues understand the importance of helping with the “risk assessment” they are trying to conduct, and of complying with the results of that assessment.

Chart 1 below can help with understanding the different types of risk assessment that information security teams need to conduct, and may also help explain the process, and the importance of it, to colleagues.

Chart 1: Different ways of assessing risk (Source: CEB analysis)

