Skip to main content
Entire section Custom print Text Only Rich Text Print / Save as PDF
Download Original PDF

3.2.1.1 Cyber Security Risk Identification

No: 381000091275 Date(g): 24/5/2017 | Date(h): 28/8/1438 Status: In-Force

Principle

Cyber security risk identification should be performed and should include the Member Organization's relevant assets, threats, existing controls and vulnerabilities.

Objective

To find, recognize and describe the Member Organization's cyber security risks.

Control considerations

  1. Cyber security risk identification should be performed.
  2. Identified cyber security risks should be documented (in a central register).
  3. Cyber security risk identification should address relevant information assets, threats, vulnerabilities and the key existing cyber security controls.