“Risk assessment” has become a popular term in business, government, education, and many other places besides, and it has almost as many definitions. All kinds of corporate functions, for example – from finance to procurement teams – will ask line partners to help them with a risk assessment.
For information security teams who are trying to impose order on a huge and complex new risk category, it’s imperative that their colleagues understand the importance of helping with the “risk assessment” they are trying to conduct, and in complying with the results of that assessment.
Chart 1 below can help with understanding the different types of risk assessment that information security teams need to conduct, and may also help explain the process, and its importance, to colleagues.
Chart 1: Different ways of assessing risk (Source: CEB analysis)