Chair: Urpo Kaila – CSC, EUDAT
Vice Chair: Bart Bosma – SURF
Risk assessment is the overall process of risk identification, risk analysis and risk evaluation. It is an important activity in the implementation of an Information Security Management System (ISMS). The implementation of effective security controls depends very much on a reliable risk assessment, so that the right measures can be taken. Even if an organisation is not implementing an ISMS conforming to ISO 27001, it is still of interest to know how to perform risk assessments effectively. Risk assessment should be part of an organisation’s procedure for the implementation and management of a service.
Large e-infrastructures are vulnerable to high-impact security incidents because an incident can spread relatively easily among partner organisations through the collaborative services that exist among them. It is therefore important that each member organisation has a trusted level of implemented security procedures.
This working group has produced the WISE Risk Management Template and accompanying guidelines, to provide a starting point for e-infrastructures and their member organisations for effectively implementing a risk assessment process. Some organisations may consider that information about specific risk assessments cannot be publicly provided and should be kept confidential. The working group should implement policies and procedures which enable, if needed, the exchange of confidential information among selected parties.