Lesson 1, Topic 1
In Progress

Risk analyses and treatments

Risk analysis and risk treatment make individual adaptation of measures possible, as already described. However, the risks should be analysed, evaluated and dealt with. To help them do this, we provide a risk management template in tabular form. Once the risks have been identified, they must be assessed in relation to information security. In other words, one creates a risk-based consideration of the possible dangers and the appropriate countermeasures. Such an assessment can also provide an overview to detect costs and constraints and to see if the benefits exceed the costs or constraints.

Tip: Form a risk assessment team. This often identifies more risks and the different perspectives also keep you close to the practice so that your view of the risks is also sharpened.
The “Risk Management Procedures” documents accompanied by the “Risk Assessment and Treatment Plan” table provide you with a simple method to identify, assess and address your risks. You should define the risk classes in the process descriptions as well as describe the behaviour in dealing with the risks.