Security Risk Assessment

Security Risk Assessment. Management How-To Guide. Information to perform the Security Risk Assessment (SRA). The SRA is designed to get a comprehensive report of your overall level of risk and provide recommendations intended to lower those levels of risk.

stillman

Presentation Transcript


  1. Security Risk Assessment Management How-To Guide

  2. Information to perform the Security Risk Assessment (SRA)

     The SRA is designed to get a comprehensive report of your overall level of risk and provide recommendations intended to lower those levels of risk.

     Before you begin your risk assessment, here are a few Frequently Asked Questions you’ll want to look at:

     Q: If I’m not 100% sure of my answer, does it matter?
     A: The goal of a Security Risk Assessment is to analyze your organization for any security gaps or weaknesses that cybercriminals could exploit to access your network. It is in your best interest to be as thorough and accurate in your Risk Assessment responses as possible.

     Q: I really don’t know how to answer this question. What if my information is inaccurate?
     A: Accurate information will enable our team to produce the most appropriate findings and recommendations on your Risk Assessment report. This will also allow for your organization to assess how we can better protect you and your business. Providing incorrect information will result in an inaccurate Risk Assessment which can lead to lost time and money on unnecessary recommendations. In addition, in the event of an audit situation, any information which cannot be fully supported in your Risk Assessment may result in additional penalties. Please contact us if you need any assistance with providing information or answering questions.

     Q: Do you share my answers with any other party?
     A: No, the information you provide in our portal is confidential and will not be shared with any other party.

  3. Steps to Performing your Security Risk Assessment (SRA)

     Step 1: Using your Manager account credentials, log into the PII-Protect portal here.
     Note: Individuals registered as Employees will be unable to access the Security Risk Assessment and should be upgraded to Manager access.

     Step 2: Once you log into the portal, scroll down to the Quick Links. Under the SRA category, click Perform Security Risk Assessment.

  4. Steps to Performing your Security Risk Assessment (SRA)

     Step 3: Once you’ve selected “Perform Security Risk Assessment”, it’s time to fill out the Organization Profile. Do this by selecting the blue arrow in Step 1.
     - Completing the Organization Profile is a way for you to give us information about your company, such as which systems contain Personally Identifiable Information (PII).
     - Once you have filled in all the necessary information in each tab (Note: there are a total of 8 sections [tabs] that must be completed), click save.
     Note: You can click save at any time to save the information you have entered and continue filling out the Organization Profile at a later time.

  5. Steps to Performing your Security Risk Assessment (SRA)

     Step 4: Once you have completed the Organization Profile, the next step is to answer the Security Risk Assessment questions. To begin, click on the blue arrow in Step 2.
     Note: If you are no longer in the Security Risk Assessment section of the portal, you will need to return to this section to begin the questionnaire.

  6. Steps to Performing your Security Risk Assessment (SRA)

     Step 5: The Risk Assessment questionnaire asks specific questions on how you are currently protecting Personally Identifiable Information (PII). Each question has a detailed explanation to help you choose the appropriate answer.
     - There are several sections (tabs) of questions in the questionnaire. After answering the group of questions in each tab, click Save and next to move on to the next tab/set of questions.
     - A completed section will be labeled with a green checkmark and incomplete sections will have a red X to illustrate that some questions have not yet been answered.
     - Once you have gone through each section/all of the questions and ensured that a green checkmark appears on each tab, click Submit.
     Note: Similar to the Organization Profile, you can save your answers and pick back up where you left off at a later time.

     !! Important: All information must be filled out in the Organization Profile and all questions must be answered in order for us to complete your Risk Assessment. Please ensure that all required sections have been completed before marking your Risk Assessment complete.

  7. Steps to Performing your Security Risk Assessment (SRA)

     Step 6: The next step in the Risk Assessment process is to upload any existing written Policies and Procedures that your organization may have. This can be done by clicking on the blue arrow in Step 3.
     Note: If you are no longer in the Security Risk Assessment section of the portal, you will need to return to this section to upload your Policies and Procedures.
     - Note: If you do not have any existing Policies regarding how your organization protects PII (i.e. employee termination policy, data backup policy, disaster recovery procedure, etc.), this section can be skipped.
     - To upload an existing Policy, perform the following steps (after you’ve clicked on the blue arrow in Step 3):
       - At the top of the screen under Actions, click on New Other Policies and Procedures.
       - Enter the Name of the Policy.
       - Enter a Description of the Policy.
       - Enter Policy Details (optional additional information).
       - Click on Choose File and select the file with the existing policy (could be a Microsoft Word document or a PDF).
       - Click Save.
       - Repeat the above steps if you have additional policies or procedures to upload.

  8. Steps to Performing your Security Risk Assessment (SRA)

     Step 7: The final step in the process is to let us know that you have finished entering all the information in each of the required sections by marking your Risk Assessment complete.
     - From the Perform Risk Assessment section of the portal, select the blue arrow in Step 4.
     - A pop-up will appear confirming that you wish to mark your Risk Assessment complete.
     - Click Mark Complete.

     After you have marked the Risk Assessment complete, we will receive notification that you have completed your portion of the Risk Assessment. We will then begin producing your Risk Assessment report and will notify you once it has been completed.

     If you have any questions, feel free to use the Contact Us link on the bottom of the portal home page under the Feedback Quick Link.
