Let's recap

Step 1: Designate a pilot / establish governance
Risk management requires a dedicated person or team. The task can be long and tedious, so it is important to entrust it to someone who knows how the organization works.

Step 2: Event log
Take stock of past incidents so that risks can be assessed on the basis of what has actually happened.

Step 3: Configure the risk scale
Set your risk scale and the conditions applicable to each level.

Step 4: Control points
Take stock of your organization's security measures and objectives. You can draw inspiration from the measures recommended in ISO 27001 (for IT security risks).

Step 5: Risk identification
Start by identifying the risks to your most critical assets.

Step 6: Create a type of risk
Identify feared events, threats, sources, etc.

Step 7: Assess the risk
The assessment covers both inherent risk (the theoretical risk associated with the activity, also called the initial risk, before any control measures are applied) and residual risk (the risk remaining after control measures have been implemented).

Step 8: Deal with the risk
Depending on the chosen response, treating the risk may involve implementing additional control points.

Step 9: Monitor the risk
A risk evolves with the activity it covers, so developments are monitored on a regular basis.
