3.1 Analyse Risk
3.1. The selected area of the analysis
Work in the tool “Analyse Risk”
Assume previous work (Analyse business and environment). Select and describe a number of analysis objects (information assets) for the risk analysis related to an organization-wide risk analysis. Motivate and argue for your choice. Also, describe what criteria you use in the analysis (eg acceptance levels).
3.2 Identify threats and vulnerabilities
Based on the results above, document your identified threats and vulnerabilities. For example, based on incident scenarios checklists or other documentation according to course material. Argue for your choices. Document your results in the tool.
3.3 Perform a risk assessment
Work in the tool Analyse Risk, tab 2 Risk analysis
3.3.1 Identify consequences
Use selected and described the criteria for assessing consequences. Review each threat for each information asset and estimate the consequence. Argue well for your choices.
3.3.2 Identify the likelihood
Use selected and described acceptance criteria for assessing likelihood. Review each threat for each information asset and estimate the likelihood. Use documentation etc according to course material. Use the tool, Tab Risk Analysis. Argue well for your choices.
3.4 Develop action proposals
Work in the tool “Analyse Risk”, tab 2 Risk analysis
Develop proposals for security controls for further work. Be sure to point out which risks are so serious that they should be dealt with promptly. Argue and motivate well for your choices and reflect on how your results affect the current business