Risk analysis

  • Because cyberspace, its threats and its vulnerabilities change constantly, information systems risk management cannot be a one-time process with a beginning and an end. It is a continuous and interactive process in which every management level of the organization participates, as does every individual employee. Its effectiveness depends directly on the correct implementation of each of its stages, on well-formulated organizational goals, and on the organization’s ethical values and organizational culture.
  • The course of the risk management process consists of several stages – defining the environment, identifying the risk, analyzing the risk, assessing the risk, mitigating the risk, accepting the risk. In parallel with these activities, two more processes are carried out – a communication (information) process and a monitoring and control process.
  • As a tool for achieving goals, risk management is an important component of any organization’s strategy, which is why a number of standards govern how the process is carried out: ISO 31000, ISO/IEC 27005 and NIST 800-39 (the latter two specializing in information security and information systems), BS 31100 and PMI’s (Project Management Institute) Practice Standard for Project Risk Management. They provide a framework and guidance for building an effective risk management methodology in various types of organizations.