Develop and Implement a Security Risk Analysis Program

Every risk you don’t analyze, you are implicitly accepting.


The ability to perform formal risk analysis has become a key aspect of risk management. CISOs and CIOs are expected to analyze any new project or initiative and identify the level of risk associated with each.

Your Challenge

  • Any IT project or new initiative requires risk analysis. A process must exist to assess the individual risks that a specific project can bring. Otherwise, necessary security controls will be missing, and the potential for vulnerabilities to be exploited increases.
  • Risk analysis is a critical aspect of any risk management program. Any IT initiative or action must fall in line with the organization's established risk tolerance level, with sufficient security controls in place before it moves forward.
  • There is no one-size-fits-all approach. Just as no two companies are the same, no two risk analysis approaches are identical.

Our Solution

  • Our research will help you build out a repeatable risk analysis process that can be used for any IT project or initiative.
  • Walk through the major steps of risk analysis including identification of scope, classification of assets, and determination of the likelihood and impact of threats.
  • As any new IT project or initiative is undertaken, it must be analyzed for the potential risk it poses, to ensure that risk falls within the accepted organizational risk tolerance level.
  • Generic risk analysis processes or templates will not help you. Instead, this blueprint will help you build a risk analysis process that is right-sized to your organization by taking into account specific variables around your organization.
  • This is part of a larger risk management approach that focuses on your risk tolerance, existing controls, and threat model in addition to your risk analysis results.

Search Code: 80367
Published: April 14, 2016
Last Revised: April 14, 2016