IST 2901 Digital Forensic Examiner
WK5 Three Steps Identification Discussion
In theory, this is much like Risk Management, right? We are protectors, but when something goes south, we need to have clear ways to identify the situation or situations.
Risk assessment is the name for the three-part process that includes:
Let’s start with ‘identification’, shall we? Step one, our organization should conduct risk assessment in a systematic manner. Step two, we must perform risk assessment collaboratively, as a team effort involving different stakeholders. Step three, we should always take into account any ‘unique knowledge’ and views.
Okay, now that’s done, what’s next? Well, that is ‘risk analysis’. Here we must learn the nature of the risk(s). During risk analysis, we need to be sure to consider uncertainties, including those with possible negative and positive consequences. Each week, why do I feel like I am disciplining my kids? Please implement the following:
Sources of risk
Likelihood of events
The consequence of those events
The effectiveness of current controls
The effectiveness of potential future controls
Okay, finally, the last piece, Risk Evaluation. During risk evaluation, we should take the results that our teams have come up with during our risk analysis and compare those to our organization’s existing risk criteria to determine if we need to do more to treat the risk(s) we’re assessing.
During risk evaluation, our organization may choose to:
Consider implementing other risk treatments
Reconsider your organization’s objectives
Return to the risk analysis phase to develop a more thorough understanding of the risk at hand
Outside the scope of digital policies, these risk policies, in my opinion, serve almost perfectly.
That’s all I’ve got.