This recipe addresses risk assessment, including the definition of risks and threats that will influence your decision on the control objectives and activities you choose. The recipe provides further advice on control selections.
There are several reasons for using a risk assessment approach for your compliance program.
The first reason is already mentioned in recipe 1 step 2. There are several regulatory requirements of which risk assessment is an integral part.
The second reason is that risk assessment allows you to have a systematic approach to your control selection. Risk assessment will make you aware of the kind of risks, threats, and vulnerabilities your company faces with respect to its sensitive data, information systems, employees, and so on. This will provide several advantages to your business. First, you have a better understanding of the true costs of the product you offer. Second, as part of risk assessment, you not only examine the asset...