Resources Tagged with 'risk assessment'

Intel has developed a process and tool that combines general business and information security risk assessment methodologies, establishing a consistent, repeatable process to produce more comprehensive risk profiles. When used individually, these two distinct and previously disconnected methods leave gaps in the risk landscape. Our Risk Assessment Program Lite database tool combines these methods, filling in the gaps; it prioritizes risks and displays risk rankings in a color-coded graphical format. With a more complete picture of the risk landscape, we can focus our resources on those that are most critical and better protect Intel.

Ruthlessly attack your own enterprise? That’s right. Intel’s IT uses wargaming as a risk assessment methodology to provide actionable information about real world threats and vulnerabilities to their computing environment. Get the details from this recent Intel Premier IT Professional best practices presentation.

RAPLite is a database application that provides functionality to perform a qualitative risk assessment. The program supports two industry standard risk assessment techniques combined into a single application using a consolidated risk assessment methodology. General business risks can be identified and prioritized using a risk statement, likelihood and impact method. Information security specific risks can be quantified using a threat, vulnerability, consequence method. Both methods are combined such that the output of the program is a graphical risk profile and prioritized ranking of all identified risks. The application is a complied version of Microsoft Access* and requires that Access 2003 is installed on the PC running the program.

There are a variety of methods to measure risk. By consolidating methods, aligning to industry standards, and assigning threats and vulnerabilities to specific business risks, Intel IT has brought some consistency to the risk assessment process. Mark Goldsmith, Manager of Risk and Threat Analysis at Intel, presents the results in this Intel Premier IT Professional local seminar presentation. Do any of these risk assessment strategies work for your organization? Are there additional areas that you think should be considered in a risk assessment methodology?