GDPR questions and answers

Category: Risk

If risk is identified at different levels, e.g. low, medium, high, for different assets, do we take the highest value for that asset or identify the overall risk as the highest?

ANSWER

When risk is identified at different levels for different assets, it is important to define the risk accurately for each of them. This means that each asset is assessed on the basis of its own characteristics and threats. The highest value for a given asset will not always correspond to the organization's total risk, because other assets may face different levels of threat and have a different impact on the organization. In such a case, it is necessary to focus on the individual risks for individual assets and take appropriate remedial action for each of them.

Managing risk at different levels across assets | ODO 24 | ODO 24