
Commit

Update threat_management.md
struds authored Jun 12, 2024
1 parent 419cbfa commit f680974
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion standards/threat_management.md
Expand Up @@ -73,13 +73,15 @@ Communicating and documenting your risks
### Risk Assessment
#### 1. Define a scope for your risk assessment
“The scope of assessment should define the boundaries of the existing system you are assessing or the new system that is being built, and your scope should clearly define all the assets that are to be contained within it”

Also consider modelling the system scope with a scoping diagram.

![Scoping Diagram](./images/scoping_diagram.png)

#### 2. Understand your assets and assess impact
“To help with this you could build a register of assets that could include (for example) the equipment, systems, services, software, information and/or processes that are critical to the successful delivery of your business objectives.”
Once you have identified a list “you should (. . .) assess what the impact would be should those assets be, in some way, compromised. “

Once you have identified a list “you should assess what the impact would be should those assets be, in some way, compromised.“

“An asset register might look something like the following table where assets and their ownership are clearly identified along with an assessment and rating of impacts.”
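
Review bot: The rewritten sentence under "2. Understand your assets and assess impact" still ends its quotation with an opening mark (compromised.“) where a closing mark (compromised.”) is needed, so the quote stays unbalanced just as it was in the line being replaced. The change also drops the "(. . .)" elision marker, which makes the passage read as a continuous verbatim quotation; if words are still omitted between "you should" and "assess", keep an ellipsis there. Since none of the quoted passages in the visible lines names its source, consider adding a citation while touching this section so readers can check the wording against the original guidance.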
