Creating a centralised cyber security risk register


A centralised cyber security risk register is a document that includes information about an organisation’s threat environment.

It contains information on potential cyber security risks, and usually acts as evidence that an organisation has implemented an ISMS (information security management system).

Risk registers are especially important for organisations implementing ISO 27001, as the register is one of the first things that auditors review when assessing the company’s compliance posture.

But how do you create a cyber security risk register? We explain everything you need to know in this blog.

How do centralised risk registers work?

A centralised risk register often takes the form of a spreadsheet, although there are dedicated software tools, such as vsRisk, that organisations can use to help complete the process.

However it is produced, the register should contain a list of every risk the organisation has identified, with each risk's score according to the organisation's risk evaluation process.

The risk register also prioritises risks depending on their scores and documents the status of existing controls to address the risk as well as plans to review or strengthen those controls.

By completing a risk…
