Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Chair: Urpo Kaila – CSC, EUDAT
Vice-Chair:  Bart Bosma - SURF

Risk assessment is the overall process of risk identification, risk analysis and risk evaluation. It is an important activity as part of the implementation of an Information Security Management System (ISMS). The implementation of effective security controls depends very much on a reliable risk assessment, so that the right measures can be taken. Also, if an organisation is not implementing an ISMS conforming to ISO 27001, it still is of interest to know how to perform risk assessments in an effective way. It should be part of an organisation’s procedure for the implementation and management of a service.

Large e-infrastructures are vulnerable to high-impact security incidents because of the relatively easy way that an incident may spread among partner organisations due to the collaborative services that exist among them. So it is important that each member organisation has a trusted level of implemented security procedures.

This working group has produced the WISE Risk Management Template and accompanying guidelines, to provide a starting point for e-infrastructures and their member organisations for effectively implementing a risk assessment process. Some organisations may consider that information about specific risk assessments cannot be publicly provided and should be kept confidential. The working group should implement policies and procedures which enable, if needed, the exchange of confidential information among selected parties. At the first WISE meeting some experiences were already presented, e.g. from XSEDE, UNINETT and EGI (https://www.terena.org/activities/ism/wise-ws/agenda.html).


GET INVOLVED
Subscribe to the WG mailing list

Tools:

WISE Risk Management Template v1.0

WISE Risk Management Template v1.1

WISE Risk Management Template Instructions v1.1

Relevant publications: 

Advanced Risk Mitigation of Software Vulnerabilities at Research Computing CentersUrpo Kaila, CSC - IT Center for Science Ltd.

SURF Cyber Threat Assessment Reports (Bart Bosma, SURFnet)