One Article Review

Source NoticeBored
Identifier 409092
Publication date 2017-08-30 09:19:09 (seen: 2017-08-30 09:19:09)
Title NBlog August 30 - information risk assessment (reprise)
Text On ISO27k Forum this morning, an FAQ made yet another appearance. SR asked:

"I am planning to do risk assessment based on Process/Business based. Kindly share if you have any templates and also suggest me how it can be done."

Bhushan Kaluvakolan responded first by proposing a risk assessment method based on threats and vulnerabilities (and impacts, I guess), a classical information-security-centric approach that I've used many times. Fair enough.

I followed up by proposing an alternative (and perhaps complementary) business-centric approach that I've brought up previously both on the Forum and here on NBlog:

Consider the kinds of incidents and scenarios that might affect the process, both directly and indirectly. Especially if the process is already operating, check for any incident reports, review/audit comments, known issues, management concerns, expert opinions etc., and/or run a risk workshop with a range of business people and specialists to come up with a bunch of things – I call them 'information risks'. This is a creative, lateral thinking process – brainstorming. Focus on the information, as much as possible, especially information that is plainly valuable/essential for the business. If necessary, remind the experts that this is a business situation, a genuine organizational concern that needs pragmatic answers, not some academic exercise in precision.

Review each of those information risks in turn and try to relate/group them where applicable. Some of them will be more or less severe variants on a common theme (e.g. an upstream supply chain incident can range from mild e.g. minor delays and quality issues on non-critical supplies, to severe e.g. sudden/unanticipated total failure of one or more key suppliers due to some catastrophe, such as the Japanese tsunami). Others will be quite different in nature (e.g. various problems with individual employees, IT systems etc.).

A neat way to do this is to write each risk on a separate sticky note, then stick them on a white board and briefly explain them, then move them into related/different groups of various sizes and shapes.
Sent Yes
Tags
Stories Wannacry
Notes
Move


The article does not appear to have been picked up after its publication.


The article does not appear to be a pickup of an earlier one.