Risk Assessment
KrishnaBrij Global Pvt. Ltd. has defined a procedure for risk assessment and applied appropriate controls and systems for risk treatment/control. This procedure:
1. Establishes and maintains information security risk criteria that include:
- The risk acceptance criteria.
- Criteria for performing information security risk assessments.
2. Ensures that repeated information security risk assessments produce consistent, valid and comparable results.
3. Identifies the information security risks:
- Apply the information security risk assessment process to identify risks associated with the loss of confidentiality, integrity and availability of information within the scope of the information security management system.
- Identify the risk owners.
4. Analyses the information security risks:
- Assess the potential consequences that would result if the identified risks were to materialize.
- Assess the realistic likelihood of the occurrence of the identified risks.
- Determine the levels of risk.
5. Evaluates the information security risks:
- Compare the results of risk analysis based on the established risk criteria.
KrishnaBrij Global Pvt. Ltd. has documented procedures for the information security risk assessment process.
Information Security Risk Treatment
The organization has defined and applied an information security risk treatment process to:
- Select appropriate information security risk treatment options, taking account of the risk assessment results, its impact on the business, cost of mitigation and other issues.
- Determine the controls that are necessary to implement the chosen information security risk treatment option, as deemed fit and implementable at the present date for business compliance.
- Compare the controls determined with those provided in Annex-A of this guideline and ensure that no necessary controls have been omitted.
- Prepare the Statement of Applicability, which contains the necessary controls and the justification for each inclusion/exclusion, where required.
- Prepare a formal information security risk treatment plan.
- Obtain the risk owners’ approval of the information security risk treatment plan and their acceptance of the residual information security risks. This is reviewed with the concerned HOD / Manager only and their approval is taken. The overall risk is also discussed with the MD, whose consent is taken on the residual risk.