Risk analysis and assessment transforms the view of identified risks through a real economic assessment of the possible consequences, and also quantifies the costs of implementing the measures necessary to eliminate the risk. At this stage there are a number of approaches, and an organization should choose its own optimal compromise between complex calculation and simple estimation. Organizations covered by the Cyber Security Act have a directly defined risk analysis methodology. For example, a realistic estimate of the likelihood of a threat occurring can be used to construct a risk rate matrix for assets and estimate the level of risk.
On the basis of the level of risk, it is then decided whether the risk is acceptable or requires the application of measures. Risk management also includes evaluating the requirements for applying measures and comparing them with the level of risk and the potential implications for the organization for the more realistic threats. The organization consciously and objectively chooses the acceptable level of risk, avoids risk by applying measures, or delegates risk to third parties.
Main elements of WebArat risk analysis
- Risk analysis methodology according to customer requirements
- Acceptable level of risk
- Risk Management Plan
- Modifiable levels of categories and their counts