If risk is identified at different levels, e.g. low, medium, high, for different assets, do we take the highest value for that asset or identify the overall risk as the highest?

Question

Accepted Answer

ANSWER When risk is identified at different levels for different assets, it is important to accurately define the risk for each of them. This means that each asset can be assessed based on its own characteristics and threats. The highest value for a given asset will not always correspond to the organization's total risk, as other assets may have different levels of threats and impact on the organization. In such a case, it is necessary to focus on individual risks for individual assets and take

If risk is identified at different levels, e.g. low, medium, high, for different assets, do we take the highest value for that asset or identify the overall risk as the highest?

ANSWER

Read also:

02 June 2026

Czy do spełnienia wymogów ustawy o krajowym systemie cyberbezpieczeństwa (KSC / NIS2) potrzebne jest Security Operations Center (SOC)?

12 March 2026

Jak wdrożyć KSC / NIS2 – zarządzanie ryzykiem

03 March 2026

Jak wdrożyć KSC / NIS2 – zarządzanie incydentami

Przejęcie funkcji IOD

Bezpieczeństwo klienta to dla nas priorytet