Information Risk Management Assessment Tutorial – By Sue McGlashan
ISEA carries out Information Risk and Risk Management (IRRM) assessments, based on answers gathered from an Information Risk Management Questionnaire (IRMQ). Is the process followed by ISEA useful as a starting place for you to assess risks to information under your care? This tutorial will provide partly answered IRMQs, and ask groups to evaluate information risk using the answers provided. In true tutorial style, your group will be asked to present your findings. This will give you a chance to take a quick 🙂 look at the process.

What is risk? We will use this simple, qualitative definition: risk is a measure of the likelihood that a threat will exploit a vulnerability, times the magnitude of the impact if it does so.