Built on the solid work done in the Binary Risk Assessment, the Forward Point Risk Process simplifies the initial security risk assessment one step further.
Created to be simple to understand and easy to follow, this process provides the first look at security risks associated with an asset, a situation, software, a person, and everything in between. Once the risk is calculated, a conversation needs to happen with the risk owner to further understand whether the assumptions were right or a new assessment needs to quickly be performed. It’s all about the ability to communicate risk and talk about it.
It is important to mention that each business or organization needs to define what “skill”, “defenses”, “significant business value”, and “complete failure” means; these are the parameters that will enable a correct approach to answering the four questions to calculate likelihood and impact.
If you need to assess the risk of bringing a new vendor or SaaS solution, then first follow the steps below. It will help you understand whether you have risk or not to begin with.