Risk Assessment Approach for SMEs



Risk Area 2: Operational Practices

Operational practices focus on technology-related issues: how people use, interact with, and protect technology. They change as technology advances and as new or updated practices arise to deal with those changes. Typical operational practice areas usually include Physical Security, Information Technology Security, and Staff Security.



Risk Area 3: Financial Stability

The Financial Stability profile is also considered to involve sensitive financial information. An organization that handles customers’ money and is responsible for transactions is required to protect the privacy of its customers. The organization’s security policy should explicitly require role-based access to information. Apart from access control mechanisms, this profile also covers the issues of Application and Interface Security, Business Continuity, Encryption, Human Actors, etc.



Risk Area 4: Reputation and Loss of Citizen’s Service

The Reputation and Loss of Service profile considers a broad range of potential threat sources and allows an organization to identify the threats to its critical assets based on known potential sources of threat, such as Human Actors, System Problems, Physical Access problems, etc.