📄️ SWOT Analysis Overview
As part of the methodology, SWOT analysis (Strengths, Weaknesses, Opportunities, Threats) serves as a strategic tool to evaluate and contextualise risks throughout the process. Specifically:
📄️ The 8-step methodology overview
Introduction: From Risk Demand to Actionable Insights
📄️ Step 1: Add a Risk
Adding a risk is the first step in identifying and addressing potential threats or vulnerabilities within your organisation. This section outlines the process for creating and managing risks effectively.
📄️ Step 2: Define the Risk Profile
Risk identification will now be performed through the Risk Profiling Module.
📄️ Step 3: Assess the Inherent Risk
Inherent risk refers to the level of risk that exists in the absence of any mitigating controls or measures. It represents the natural level of risk that arises from the characteristics of a specific activity, process, or system before considering any efforts to reduce or manage the risk.
📄️ Step 4: Assess the Current Risk
Current Risk refers to the level of risk that remains after existing controls and mitigation measures are applied. It represents the residual risk in the current operating environment, taking into account the effectiveness and maturity of implemented controls, policies, and measures.
📄️ Step 5: Recommend Controls
Recommended Controls are specific measures, policies, or practices proposed to mitigate identified risks and align an organisation's security posture with its risk management objectives.
📄️ Step 6: Assess the Target Risk
Target Risk refers to the desired level of risk an organisation aims to achieve after implementing all planned risk mitigation measures and controls. It reflects the organisation's risk appetite, tolerance levels, and alignment with strategic goals, compliance requirements, and risk management policies.
📄️ Step 7: Submit for Risk Response
Workflow not enforced
📄️ Step 8: Provide a Risk Response
At this stage, the risk assessment demand requester must provide risk responses for each identified risk to ensure proper handling and alignment with the organisation's risk management strategy.