Assessing Risk
With more and more regulations and the growing importance of information security, risk management is a growing topic, especially in my areas of interest: project management and information security.
Interestingly, everyone seems to have an intuitive idea of what risk is. However, learning more about the topic reveals how much complexity it has. Moreover, there is neither one universal definition of risk nor one way to assess risks.
Some standards even have surprising definitions, e.g. FAIR (Factor Analysis of Information Risk) defines:
- Threat is anything that is capable of acting resulting in harm
- Vulnerability is the probability that a threat event will become a loss event
Therefore, I’ve started to collect a list of tools and approaches for assessing risks:
[table id=2 /]