Understanding early which security risks your organization faces is important for developing appropriate and proportionate security mitigations. There is a range of risk assessment frameworks, all of which follow the same principles:

  • Identify the critical assets in your organization.
  • Identify the threat (based on the intent and capability of those who could carry out the threat).
  • Assess the likelihood of the threat occurring in your organization.
  • Assess the impact on your business if the threat materialized.
  • Assess the adequacy of existing countermeasures.
  • Propose new, proportionate measures to reduce security risks.

The risks that have been identified are then used to inform the security mitigations that you implement. Carrying out a security risk assessment is instrumental in helping security managers audit, and communicate to the Executive Board, the security risks to which an organization is exposed.

CPNI has developed a risk assessment framework to help organizations focus on the insider threat. The process centers on employees (their job roles), their access to the organization's critical resources, the risks that each job role poses to the organization, and the adequacy of the existing countermeasures.

Working through the CPNI personnel risk-assessment framework will help organizations:

  • Conduct security risk assessments in a robust and transparent way.
  • Rank the insider risks to an organization.
  • Assess the existing countermeasures and identify suitable new measures to mitigate the risks.
  • Allocate security resources (personnel, physical or cyber) in a way that is cost-effective and proportionate.