Task: Review Risk Context
Disciplines: Risk Management
Main Description

Review and understand the context in which risks are to be analyzed. Identify both the internal and the external context. Define the goal of the risk assessment. Identify the standard criteria against which risks will be assessed. Examine background documents, interview subject matter experts, etc.

Many different triggers may cause risks to be identified. Examples include:

  • Audits may identify security issues
  • Changes in security policy
  • Regulatory changes
  • Proposed or real changes in the IT or business environment
  • New project proposals
  • Security issues identified from audit or checking

Risk identification may also be a task that is performed on a periodic basis.