In this phase, you will start building the inventory of all your risks in the form of the Security Risk Register. This will allow you to aggregate risks and have an organizational macro view of security. This phase will take you through the following activities:
- Establish a risk register as part of the risk management program.
- Review the summarized results and the aggregate risk level of the organization.
Use this phase as part of the full blueprint, Develop and Implement a Security Risk Management Program.