Identify and evaluate the assets of the client and its stakeholders
1. gather relevant information from different sources sufficient to identify and evaluate assets of the client and its stakeholders
2. collate and take account of all relevant information to support the evaluation of assets of the client and its stakeholders
3. use logical and systematic analysis of information to evaluate assets of the client and its stakeholders
4. determine the potential impact to the client organisation through the loss of identified assets of the client and its stakeholders
5. take account of critical requirements that could impact on the security of the assets of the client and its stakeholders
6. prioritise the value of identified assets in accordance with criteria agreed with the clients
7. evaluate relevant information according to its usefulness
8. maintain the security and confidentiality of information relevant to the assets and requirements
Identify and evaluate threats to and vulnerabilities of the assets and security arrangements of the client and its stakeholders
9. gather relevant information from different sources and conduct trend analysis
10. Identify and evaluate threats to and vulnerabilities of the assets and security arrangements of the client and its stakeholders
11. collate and take account of all relevant information to support the evaluation of threats and vulnerabilities, including the sources of threats
12. use logical and systematic analysis of information to identify and evaluate threats to and vulnerabilities of the security of the assets and security arrangements of the client and its stakeholders
13. through the risk assessment process categorise threats and possible methods of attack on assets and potential security arrangements
14. maintain the security and confidentiality of information relevant to threats and vulnerabilities to the assets and security arrangements of the client and its stakeholders
Determine the security risks to the assets of the client and its stakeholders
15. establish the levels of security risk and tolerance to the assets of the client and its stakeholders based on systematic analysis and evaluation of threats and vulnerabilities
16. inform the client and its stakeholders promptly of situations where there are imminent security risks to assets
17. produce reports that contain accurate and complete details of security risk and security measure options, where applicable
18. record information in a suitable and retrievable format
19. maintain the security and confidentiality of information relevant to security risks to the assets of the client and its stakeholders