
Security Risk Assessment and Audit

Security risk assessment and audit is an ongoing information security practice for discovering and correcting security issues. It involves a series of activities:

  1. Security risk assessment is the initial step in evaluating and identifying risks and consequences associated with vulnerabilities, and providing a basis for management to establish a cost-effective security program.
  2. Based on the assessment results, appropriate security protection and safeguards should be implemented to maintain a secure protection framework. This includes developing new security requirements, revising existing security policies and guidelines, assigning security responsibilities and implementing technical security protections.
  3. Once the security framework is implemented, constant monitoring and recording are also needed so that proper arrangements can be made for handling a security incident.
  4. This step is followed by a cyclic compliance review and re-assessment, designed to provide assurance that security controls are put into place properly in order to meet users' security requirements, and to cope with rapid technological and environmental changes.

Security Risk Assessment vs Security Audit

Security risk assessment is the process to identify, analyse and evaluate the security risks, and determine the mitigation measures to reduce the risks to an acceptable level. The risk assessment is an integral part of a risk management process designed to provide appropriate levels of security for information systems. It helps identify risks and consequences associated with vulnerabilities, and to provide a basis to establish a cost-effective security program and implement appropriate security protection and safeguards.

An information security audit assesses the level of compliance with the security policy and standards, as a basis for determining the overall state of the existing protection and for verifying whether that protection has been implemented properly.

For related information about Security Risk Assessment and Audit, please see below: