Security Policy: Difference between revisions
| Line 105: | Line 105: | ||
::(b) identify the risk owners; | ::(b) identify the risk owners; | ||
:4. Analyses the information security risks: | :4. Analyses the information security risks: | ||
::(a) assess the potential consequences that would result if the risks identified were to materialize; | ::(a) assess the potential consequences that would result if the risks identified in [[Security_Policy#Information_security_risk_assessment|3.1.2]].3 (a) were to materialize; | ||
::(b) assess the realistic likelihood of the occurrence of the risks identified; and | ::(b) assess the realistic likelihood of the occurrence of the risks identified in [[Security_Policy#Information_security_risk_assessment|3.1.2]].3 (a); and | ||
::(c)determine the levels of risk; | ::(c)determine the levels of risk; | ||
:5. Evaluates the information security risks: | :5. Evaluates the information security risks: | ||
::(a) compare the results of risk analysis with the risk criteria established; and | ::(a) compare the results of risk analysis with the risk criteria established in [[Security_Policy#Information_security_risk_assessment|3.1.2]].1; and | ||
::(b) prioritize the analysed risks for risk treatment. | ::(b) prioritize the analysed risks for risk treatment. | ||
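Review bot: In 4 (a), 4 (b) and 5 (a) of the new revision, the link label covers only "3.1.2" and the item number (".3 (a)", ".1") trails outside the link as plain text, so the rendered reference is part link and part text. Put the full reference inside the label, for example [[Security_Policy#Information_security_risk_assessment|3.1.2.3 (a)]]. Separately, 4 (c) reads "(c)determine" with no space after the marker in both revisions; since the neighbouring lines are being edited anyway, it can be fixed in the same change.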