Discussion

Frequently, the Risk Hunting activity (above) leads to an extended discussion on its own when teams take turns presenting their findings. However, if time remains, trainers may wish to have participants sit in a circle or semicircle, so they can address one another.
The following questions may help start the discussion. Trainers are welcome to add to this list or improvise as they see fit.
As always, trainers should encourage each person to speak up. It is likely that some have thought carefully about the issues; others may not have thought too much. This exercise will likely reveal some interesting practices, which makes for a rich discussion.

Risk classification refers to the grouping of organizational assets by their likely impact or estimated costs, occurrence, and any measures required to counter them. There are three main categories of risks in digital security. These include:

  1. No Risk:
    These are organizational assets that, if breached, pose no risk whatsoever to the organization. Such assets may include office furniture and any other asset that doesn’t store data.
  2. Low Risk:
    Organizational assets that store data that, if breached, poses no serious risk to the organization. Such assets usually store data that is intended for public disclosure, so a breach would have no effect on the organization’s mission, finances, operation and life safety.
  3. Medium Risk:
    Organizational assets are classified as medium risk if the data stored on such assets is not generally available to the public, or the loss of confidentiality, integrity, or availability of the data or system has:
    • No impact on the organization’s mission and potentially a moderate risk to reputation,
    • At most a mild impact on the organization’s finances,
    • At most a mild risk to the security of other systems protecting data,
    • No risk to life safety.
  4. High Risk:
    Organizational assets are classified as high risk if:
    • The loss of confidentiality, integrity, or availability of the data or asset could have a significant adverse impact on the organization’s mission, safety, finances, and/or reputation.
    Examples of risks:
    • Organization or individual data loss.
    • Safety or health risks related to a location, lifestyle, occupation or activity. …
    • Potential to stop or delay an ongoing project, thereby affecting its sustainability.
    • Financial loss incurred when trying to recover.
    • Time taken to recuperate from loss.
    • Negative impact on the reputation of the institution or individual affected.