5 Steps to Creating a Cybersecurity Risk Assessment

Thoughtware Article Published: Jul 22, 2015

Many financial institutions are faced with managing and maintaining information security risk assessments, including the need to integrate cybersecurity threats. In general, financial institutions should review their existing risk assessment program with cybersecurity threats. However, if it’s easier to have a separate program, management should consider its options.

We recommend developing a five-step plan to help establish a foundation for a meaningful risk assessment program:

  1. Identify information assets
    Consider the primary types of information handled, e.g., Social Security numbers, account numbers or human resource data, and make a priority list of what needs to be protected. To properly identify assets, include personnel from various departments.
  1. Locate information assets
    Identify and list where each item on the information asset list resides within the organization, e.g., file servers, workstations, laptops, removable media or smartphones.
  1. Classify information assets
    Assign a rating to your information asset list. Consider a scale of 1 to 5, with the following categories:
  • Public information
  • Internal but not protected data
  • Sensitive internal information
  • Classified internal information
  • Regulated information
  1. Conduct a threat modeling exercise
    Rate the threats facing critical information assets. Many different methodologies are available (potential fodder for a separate article). In any case, use a scaling system to rate each identified threat, considering probability and impact.
  1. Finalize the risk assessment and start planning
    Calculate the threat scores using a scoring threshold and establish ranges and review the results.

The goal of the risk assessment exercise is to establish a risk assessment program to enhance your information security program. If you need help with the risk assessment process, please contact us.

Related Thoughtware

Kate & Ben — How can we help you? Contact Us!

How can we help you?