...
List of possible participants in a risk assessment workshop:
- Management (defining risk appetite)
- Information Security Manager/Officer
- Risk owners / Asset owners
- Risk assesment facilitator
Risk treatment and residual risk
...
- The organization's ownership of ICT
- Information security policy and guidelines
- Organization of information security
- Resources
- Expertise, skills and safety culture
- Employee safety
- Architecture
- Work processes
- Roles and responsibilities
- Establishment and maintenance of portfolio
- Innovation
- Decision-making by ICT investments
- Acquisition, development and maintenance of ICT systems / services
- Quality assurance
- Supplier relations
- Handling of information assets
- Access control
- Operation and management
- Infrastructure
- Software
- Data communication security
- Cryptography
- Malware and logical attacks
- Social engineering
- Theft or destruction
- Disloyal employees
- Physical and environmental areas
- Geopolitical conditions
- Handling of information security incidents
- Continuity plans
- Compliance with laws, rules and agreements
- Communication
Tools/Aids
- White paper on risk management
- Risk assessment spreadsheet
- WISE - Risk Management Template
- Examples of likelihood (Probability)
- Examples of impact (consequences)
- Overview of risk areas
- Risk inventory