Elements and Performance Criteria
- Establish security risk context
- Identify security risk
- Analyse security risk
  - Identify threat assessments, current exposure and current security arrangements to estimate the likelihood of each risk event occurring.
  - Determine potential consequences of each risk including critical lead time for recovery.
  - Determine, document and communicate risk ratings and include a rationale for each.
- Evaluate security risk
- Compile security risk register
  - Develop a security risk register that records identified risks, their nature and source.
  - Identify the consequences and likelihood of risks, and the adequacy of existing controls in the register.
  - Record risk ratings for identified risks in register.
  - Compile and maintain the security risk register to reflect changes in circumstances.
  - Refer risk register to management for decisions on action and treatment of risks.