Risk Management

Risk management is a cycle of identifying, assessing, and mitigating risks to achieve an organization's objectives. The process is iterative and continuous, involving several key steps:

  1. Risk Identification: Recognizing potential risks that could affect the organization. This includes identifying internal and external factors that could pose threats.

  2. Risk Assessment: Evaluating the identified risks to understand their potential impact and likelihood. This step often involves qualitative and quantitative analysis to prioritize risks based on their severity.

  3. Risk Mitigation/Control: Developing strategies and actions to reduce the likelihood and/or impact of risks. This might include implementing policies, procedures, or physical controls to manage risks.

  4. Risk Monitoring and Review: Continuously tracking identified risks and the effectiveness of risk mitigation strategies. This step ensures that risks are controlled and any changes in the risk environment are detected and managed promptly.

  5. Risk Communication and Reporting: Ensuring that relevant stakeholders are informed about risks and the measures in place to manage them. Effective communication helps maintain transparency and supports decision-making processes.

  6. Risk Review and Improvement: Regularly reviewing and updating the risk management process to ensure its effectiveness and making necessary adjustments based on new information or changes in the organization's environment.

This cyclical process helps organizations proactively manage risks and improve their resilience against potential threats.

As a project administrator, open "Project settings" and select "Governance, Risk & Compliance" as a sub-menu item of "Apps". Then choose "Objects" to define your company's hazards, processes, and all relevant departments. Finally, configure your email notifications, such as automatic reminders for re-assessments per risk class or email escalations for overdue measures.
Click "Risk Management" in the bar on the left. There you can create your assets, link them to Jira Insight Assets if available, create asset categories and define hazards per category, create relevant risks per asset or asset group (or asset-neutral risks for your company in general), request risk assessments from all responsible persons in charge, and define measures and trace them via Jira workflows. As a responsible person in charge or as an information security officer (ISO), you can also export your assets into a WORD document containing all related hazards, risks, measures, and findings. Because of the authorization concept, some functionality is restricted to members of the project role "ISO" or to the persons responsible for the respective asset.

Assets, Hazards & Risks, Measures, IS-Events / -Incidents, and Findings

As a technical or functional responsible person, you can only view and maintain your own assets and the entities related to them.

In the same manner, you should define your company's hazards, which become risks when applied to the related assets. You can create findings at any time, either as part of an audit or from observations made during daily operations.

As an Information Security Officer (ISO), you are responsible for the information security management system (ISMS) and must create all related entities, such as assets.