A risk assessment is one of the first tasks an organisation should complete when preparing its cyber security policy and programme. It’s the only way to make sure that the controls you choose are appropriate to the risks your organisation faces.
Without a risk assessment, you could overlook real threats, or waste time, effort and resources defending against events that are unlikely to occur or that wouldn’t have a significant impact.
There are many ways to conduct a risk assessment. Some organisations use spreadsheets, because they see them as a cost-effective tool to get the results they need. However, this is probably a bad idea: spreadsheets should be used by accountants, not risk assessors.
The risk assessment process is complicated and multi-dimensional, so whatever tool you use has to be up to the challenge. It needs to take into account assets, threats, vulnerabilities, controls, and the likelihood and impact values of each risk. It also needs to support reporting and analysis.
Ideally, organisations should use a tool that’s specifically designed for risk assessments, such as Vigilant Software’s vsRisk™.
What is vsRisk?
vsRisk is an information security risk assessment software tool created by industry-leading ISO 27001 experts. It’s fully aligned with ISO 27001, the international standard that describes best practice for an information security management system, and helps you conduct an information security risk assessment quickly and easily.
vsRisk helps you produce consistent, repeatable and reliable risk assessments, and is:
- Easy to use: Your risk assessment procedure is as simple as choosing a few options and clicking a few buttons.
- Aligned with ISO 27001: Meets the ISO 27001 requirements for consistent, valid and comparable results.
- Able to generate audit reports: You can export reports, including a Statement of Applicability and risk treatment plan, edit them and share them across the business and with auditors.
- Geared for repeatability: It’s easy to repeat your risk assessments in a consistent manner year after year (or whenever circumstances change).
- Streamlined and accurate: Drastically reduces the chance of human error.