For many people, the prospect of conducting a risk assessment is daunting. Inexperienced assessors often rely on spreadsheets, spending hours interviewing people in their organisation, exchanging documents and methodologies with other departments and filling in data. After all that, they’ll probably realise how inconvenient spreadsheets are. For example:
- They are prone to user error;
- They are hard to maintain;
- It’s difficult to find relevant data in multiple tabs; and
- They don’t automatically conform to ISO 27001.
It doesn’t have to be like this. The risk assessment software vsRisk™ provides a simple and fast way to identify relevant threats and deliver repeatable, consistent assessments year after year.
Its asset library assigns organisational roles to each asset group, applying relevant potential threats and risks by default. Additionally, its integrated risk, vulnerability and threat databases eliminate the need to compile a list of potential risks, and the built-in control sets help you comply with multiple frameworks.
The software also:
- Helps you create custom acceptance criteria for specific likelihood/impact combinations;
- Guides you through eight simple steps to complete a risk assessment for a single asset;
- Includes a help overlay button, which provides explicit instructions for each step of the process;
- Enables users to automatically keep control sets up to date and get access to new control sets as they’re released; and
- Helps you export the asset database and populate an asset management system/register.
vsRisk also features a sample risk assessment, allowing you to understand and customise the tool’s features. The sample provides a populated list of assets assigned to a standard set of asset owners for a typical organisation. Each asset features a series of potential risks, as well as the corresponding controls from ISO 27001.