MEHARI 2010: Risk Analysis & Management Processing Guide
Details
This download includes MEHARI 2010- Risk Analysis and treatment Guide. This guide is for managers who want to begin a process of risk management in a business or organization, with the help of MEHARI. MEHARI is notable for the fact that it enables direct, individual management of each risk, in contrast to management methods that are global and provide less differentiation between risks
The key elements are the following:
- Risks must be identified and described by scenarios containing a certain number of specific and precise elements.
- Each risk scenario can be evaluated quantitatively (that is, the risk can be measured) and this evaluation takes into account:
- The intrinsic impact of the risk scenario, which reflects the level of the consequence of the scenario occurring, in the absence of any security measures,
- The intrinsic likelihood of the scenario (or natural exposure to the scenario), which reflects the probability of the scenario occurring, in the absence of any security measures,
- Risk reduction factors are based on the security measures, categorized by the type of effect they have on the impact or likelihood of risk measures and the quality of these measures.
The procedure for evaluating each risk scenario enables security measures to be selected, with qualitative goals for each measure such that the risk can be held below an acceptable level.
The MEHARI approach consists of three phases:
Preparatory Phase:
- Study of the context
- Scope and boundaries
- Technical parameters
Risk assessment operational phase:
- Stakes analysis & assets classification
- Diagnostic of security services
- Risk analysis & assessment
Planning phase for risk treatment:
- Planning of immediate measures
- Planning of other measures
- Oversight & piloting
Getting Started
Click "Book a demo" and our team will provide you with an overview of our content library within the 6clicks GRC platform.More Information
Jurisdiction | All |
---|---|
Type | Project |