Risk assessment is the overall process of risk identification, risk analysis and risk evaluation. It is an important activity in the implementation of an Information Security Management System (ISMS). The implementation of effective security controls depends very much on a reliable risk assessment, so that the right measures can be taken. Even an organisation that is not implementing an ISMS conforming to ISO 27001 should still perform risk assessments in an effective way. Risk assessment should be part of an organisation’s procedure for the implementation and management of a service.
Large e-infrastructures are vulnerable to high-impact security incidents because an incident can spread relatively easily among partner organisations through the collaborative services they share. It is therefore important that each member organisation has a trusted level of implemented security procedures.
The WISE RAW (Risk Assessment Working group) has published an easy-to-use risk management template with instructions for infrastructures and sites. The template is based on best practices shared by the participating infrastructures. The template is shared under a CC-BY license.
Download the WISE Risk Management Template, or find more details on the RAW Wiki.