Types of relevant controls in risk assessment process
The types of controls relevant to this risk assessment are in-place controls and
planned controls.
The in-place controls are the existing measures that are running in the operational
system of Health Network Inc. A recent review of the organization's current risk
management shows that these controls are not efficient, and thus the company's security
triad (confidentiality, integrity, and availability) is compromised.
The planned controls are those countermeasures that have a specific implementation
date. This kind of control can be likened to a future security plan laid down based on
the current threats and vulnerabilities discovered or identified at a certain stage of
organizational development. Thus, it is important that the documentation or reports of
such controls be continually checked or reviewed to ascertain whether the threats and
vulnerabilities initially identified persist.
Schedule for risk assessment process
The major stages involved in the risk assessment process include:
1. Preliminary stages
   a. Defining the assessment
   b. Reviewing previous findings
2. Risk Identification stage
   a. Identifying assets and activities to be addressed
   b. Identifying and evaluating relevant threats
   c. Identifying and evaluating relevant vulnerabilities