ALERT

[FREE DEMO] Deploy Your Enterprise Cloud in Minutes

Risk Assessment Framework (RAF)

Definition - What does Risk Assessment Framework (RAF) mean?

A risk assessment framework (RAF) is an approach for prioritizing and sharing information about the security risks posed to an information technology organization. The information should be presented in a way that both non-technical and technical personnel in the group can understand. The view on the RAF provides assistance to organizations in identifying and locating both low and high-risk areas in the system that may be susceptible to abuse or attack.

Techopedia explains Risk Assessment Framework (RAF)

The data that RAFs provide is beneficial for addressing potential threats and planning costs and budgets. Many RAFs are already accepted as standards in several industries. A few examples include the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) from the Computer Emergency Readiness Team, the Control Objectives for Information and Related Technology (COBIT) from the Information Systems Audit and Control Association, and the Risk Management Guide for Information Technology Systems from the National Institute of Standards.

Like other frameworks, there is are guidelines for creating RAFs that needs to be followed:

  • Inventory and Categorization: Group the information systems, whether internal or external, into categories and differentiate their processes.
  • Identify Potential Risks: Look for threats, vulnerabilities and risks that the system might encounter. Natural occurrences such as calamities or power outages should be taken into consideration in addition to malware attacks.
  • Implement and Assess: Based on the discussion of potential risks, implement corresponding security controls for data security. Assess and document the findings on how the controls are functioning and contributing to risk reduction.
  • Authorize and Monitor: Authorize the operations of the system by determining procedure, the risk to organizational operations and assets, individual strengths and weaknesses, and other factors that will contribute to the welfare of the operations. Monitoring of the security controls is an ongoing process that includes the assessment of the effectiveness of the security controls, documentation of the changes, implementation of the discussed solutions, and presentation of the state of the system to appropriate organizational personnel.

Techopedia Deals

Connect with us

Techopedia on Linkedin
Techopedia on Linkedin
Tweat cdn.techopedia.com
"Techopedia" on Twitter


'@Techopedia'
Sign up for Techopedia's Free Newsletter!

Email Newsletter

Join thousands of others with our weekly newsletter

Resources
The 4th Era of IT Infrastructure: Superconverged Systems
The 4th Era of IT Infrastructure: Superconverged Systems:
Learn the benefits and limitations of the 3 generations of IT infrastructure – siloed, converged and hyperconverged – and discover how the 4th...
Approaches and Benefits of Network Virtualization
Approaches and Benefits of Network Virtualization:
Businesses today aspire to achieve a software-defined datacenter (SDDC) to enhance business agility and reduce operational complexity. However, the...
Free E-Book: Public Cloud Guide
Free E-Book: Public Cloud Guide:
This white paper is for leaders of Operations, Engineering, or Infrastructure teams who are creating or executing an IT roadmap.
Free Tool: Virtual Health Monitor
Free Tool: Virtual Health Monitor:
Virtual Health Monitor is a free virtualization monitoring and reporting tool for VMware, Hyper-V, RHEV, and XenServer environments.
Free 30 Day Trial – Turbonomic
Free 30 Day Trial – Turbonomic:
Turbonomic delivers an autonomic platform where virtual and cloud environments self-manage in real-time to assure application performance.