I am trying to find out how organizations are conducting risk assessments.
1. Are you using automated tools?
2. Are you developing your own risk assessment tools in-house?
3. What steps are you using to identify risks?

An example: if you are developing an employee sanction policy/procedure, what steps or processes did you go through to identify what types of risks you should include in the sanction policy?

* How did you identify the risk?
* How did you categorize the risk?
* How did you classify the risk?
* How did you determine what sanctions to employ for that particular risk?
* Who participated in this process?
* Are you willing to share a copy of the policy or process with the group?

Thanks for your assistance.

Susan Rouse
Unisys Compliance Advisory Group
8008 Westpark Drive
McLean, VA 22102
703-556-5925