Sample IT Risk Assessment of an SME

Risk Assessment Example For Small-Medium Enterprises (SMEs) Created by Imran Ahmed (ImranahmedIT) www.imran-ahmed.co.uk



Introduction

Risk assessment is the determination of quantitative or qualitative value of risk related to a concrete situation and a recognized threat (also called hazard).


Risk Assessment

Risk assessments are normally based on a scale (e.g. 1-5 or 1-10).

The main analysis consists of the following:

- Type of Risk
- Risk Management
- Risk Outcome

It also includes a figure for the severity of each risk, calculated by multiplying the probability figure by the impact figure.


Risk Table (1)


*(Risk assessment is based on a scale of 1 - 10 with 1 being the lowest)

| Risk | Probability | Impact | Risk Exposure | Risk Management | Risk Outcome |
|---|---|---|---|---|---|
| Carrying mobile devices or removable media, e.g. USB, laptop | 7 | 10 | 70 | System should only be connectible when set up by IT department | Keep data secure and help to connect to the systems safely and securely to prevent any data breaches. |
| Control of Staff Access | 8 | 8 | 64 | Monitor staff control | Protect personal information and track which staff members accessed which data at any given time in case of any damage done accidentally or purposefully. |
| Staff not using strong encryption to access system | 5 | 8 | 40 | Create password rules (e.g. have to include 1 special character) for maximum security and ensure they follow security procedures outlined in the relevant policy. | Keeps data more protected and makes it much harder for unauthorised users to break into the system to steal data. |
| Lack of knowledge for staff | 4 | 8 | 32 | Keep staff updated regularly, e.g. weekly announcements. | To ensure staff are aware of the risks involved so they can work with each other to keep personal information secure and help reduce chances of data breaches. |


Risk Table (2)


*(Risk assessment is based on a scale of 1 - 10 with 1 being the lowest)

| Risk | Probability | Impact | Risk Exposure | Risk Management | Risk Outcome |
|---|---|---|---|---|---|
| Hardware failure / Software failure | 3 | 10 | 30 | Have backups for server onsite and at an offsite location | Protect information in case of fire or other disaster so it can be recoverable with minimum downtime. |
| Fingerprint data | 2 | 8 | 16 | Secure system with heavy encryption and physical security if required. | Protect personal information from unauthorised users. |
| Keeping information accurate | 2 | 4 | 8 | Ensure information is accurate and up to date by constantly updating files when information has been provided and ensure old records are safely destroyed. | Ensures data is valid and old versions are not stored, which may cause confusion. It also helps ensure safe destruction of old data that was held. |
| Ensure information is complete and preserved. | 1 | 5 | 5 | Ensure information is complete and preserved to keep its integrity. | To ensure completeness of information so there are no misinterpretations of data. |


Thanks for reading!

If you would like to contact me, feel free to head over to my website: www.imran-ahmed.co.uk
