Abstract

The invention provides a method for assessing risk within an organization, comprising: defining one or more zones (2), each of the one or more zones comprising an environment; identifying one or more assets (4) of the organization, each of the assets being located in a respective one of the zones; conducting a respective impact assessment (6) for each of the assets, each assessment comprising assessing the impact of the loss of the respective asset; conducting for each of the zones a respective zone risk assessment (8a), comprising assessing the risk level associated with placing a respective asset within the respective corresponding zone; and conducting for each asset a respective asset risk assessment (8b), comprising assessing the risk level associated with the respective asset independent of the respective zone of the respective asset; and assessing risk on the basis of at least the impact assessment, the zone risk assessments and the asset risk assessments. The invention also provides a risk management method, comprising assessing risk according to the method described above and managing said risk.