MohsinRaza
Calcite | Level 5

Hi,

I am a new user of Governance & Compliance Manager. We are considering the following two approaches to standardize our regular risk assessments.

 

1. Collect asset information against each risk assessment activity and add risks, threats and vulnerabilities against each risk assessment every time and evaluate control effectiveness. In this approach risks, assets, and vulnerabilities might have duplications, but we can start with tiny steps.

 

2. Collect complete asset inventory, potential risks, threats and vulnerabilities and upload into the system. For each risk assessment we can select associated assets, risks, threats and vulnerabilities from already uploaded data and evaluate control effectiveness against each risk assessment exercise.

 

Can someone please guide us on what the right approach is to move forward with a consistent and sustainable approach?

Thanks, 

Accepted Solutions
KPotter
SAS Employee

The second approach is likely the more effective approach. Building your inventory of assets, risks, controls, threats, etc. allows you to reuse those for assessments and builds up a history of where those are used for further analysis later on.

 

Hope that helps!
