Chair: Urpo Kaila – CSC, EUDAT
Vice-Chair:  Bart Bosma - SURF

Risk assessment is the overall process of risk identification, risk analysis and risk evaluation. It is an important activity as part of the implementation of an Information Security Management System (ISMS). The implementation of effective security controls depends very much on a reliable risk assessment, so that the right measures can be taken. Also, if an organisation is not implementing an ISMS conforming to ISO 27001, it still is of interest to know how to perform risk assessments in an effective way. It should be part of an organisation’s procedure for the implementation and management of a service.

Large e-infrastructures are vulnerable to high-impact security incidents because of the relatively easy way that an incident may spread among partner organisations due to the collaborative services that exist among them. So it is important that each member organisation has a trusted level of implemented security procedures.

This working group has the objective to provide e-infrastructures and their member organisations with guidelines on how risk assessments can be effectively implemented. As input, experience from organisations will be used. At the first WISE meeting some experiences were already presented, e.g. from XSEDE, UNINETT and EGI (https://www.terena.org/activities/ism/wise-ws/agenda.html). Some organisations may consider that information about specific risk assessments cannot be publicly provided and should be kept confidential. The working group should implement policies and procedures which enable, if needed, the exchange of confidential information among selected parties.

GET INVOLVED
Subscribe to the WG mailing list

Draft version of the RAW  Minimum Set Risk Assessment Checklist

Relevant publications: 

Advanced Risk Mitigation of Software Vulnerabilities at Research Computing Centers, Urpo Kaila, CSC - IT Center for Science Ltd.