13. Risk Identification
In cybersecurity, identifying risks is not a one-and-done activity. It’s a recurring process of identifying different possible risks, characterizing them, and then estimating their potential for disrupting the organization.
This involves looking at the organization and analyzing its unique situation. Security professionals know their organization’s strategic, tactical, and operational plans.
Takeaways to remember about risk identification:
- Identify risk to communicate it clearly.
- Employees at all levels of the organization are responsible for identifying risk.
- Identify risk to protect against it.
Security professionals are likely to assist in risk assessment at a system level, focusing on process, control, monitoring, or incident response and recovery.