Risk Assessments
What is a risk assessment and why is it important?
Risk management is the ongoing process of identifying, assessing, and handling risks. To manage risk, organizations should understand the likelihood that an event will occur, and the potential impact should it occur. With this information, organizations can determine the level of risk that they consider acceptable for achieving their objectives and can express it as their risk tolerance.
With an understanding of risk tolerance, organizations can prioritize their assessment activities, and make informed decisions about risk-related expenditures. Implementation of a risk management program offers an organization the ability to quantify their risk, and to communicate planned adjustments to their operation. Organizations may choose to handle risk in different ways, including mitigating the risk, transferring the risk, avoiding the risk, or accepting the risk, depending on the potential impact to the organization.
How does Definitive help facilitate this process?
Risk assessments and risk handling typically begin with the use of a risk framework, such as the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity, v1.1.
Definitive’s role is to: facilitate the weighting of the assessment functions, categories, and subcategories that will be used by the assessment team to ensure they reflect the relative importance to the mission and objectives of the organization; aggregate the results of the assessment(s); analyze the assessment data; and facilitate the decision-making process.
Definitive also assists the customer by managing the business process, developing job aids and reports, and providing and maintaining the support tools, such as Definitive Pro™ and Microsoft SharePoint.
In this example, an organization is conducting a risk assessment using the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity, v1.1.
In this example, an organization is conducting a risk assessment using the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity, v1.1.
Collaboration
Definitive Pro™ enables the assessment team to collaborate anytime, anywhere, using any device. By making it easier to participate, we: bring together representatives from across the organization; promote teamwork; and improve cross-functional insight.
Prioritization
Definitive Pro™ uses the Analytic Hierarchy Process (AHP) to accurately establish the relative importance of the assessment criteria, and efficiently capture and aggregate assessment data. The consistent and transparent scoring process yields greater consensus and buy-in than other approaches.
Optimization
Definitive Pro™ employs the Gurobi optimizer®, a state-of-the-art mathematical programming solver for optimizing the allocation of resources. The Gurobi optimizer can quickly identify the set of remediation actions that minimize risk exposure, while satisfying all dependencies and constraints.
Faster and better decisions — Justifiable decision rationale — Historical record of decisions
Definitive Pro™ also powers group decision support for:
- Budget Formulation
- Business Opportunity Selections
- Business Partner Selections
- IT Demand Management
- Merger & Acquisition Selections
- Organizational Cost Savings
- Personnel Selections
- Product and Feature Selections
- Requirements Prioritization
- Strategic Investment Selections
- Strategy Development
- Surveys and Audience Response
- Vendor Selections