WHITEPAPER: SOFTWARE TOOL FOR EFFICIENT RISK ASSESSMENT

The paper presents advantages of using a Risk Assessment Tool for assessment of risks that information assets are exposed to. The main purpose of the paper is to answer the question: What makes a risk assessment software really useful for organization?

In practice it turns out that the risk assessment tool is useful if it can be adapted to organization risk management process. This means that access rights can be configured on the basis of the user role in the process of risk assessment, that the risk matrix can be adapted and the relevant threats and vulnerabilities can be chosen from the available database. 

The experiences show that qualitative estimation of input data for risk estimation is more useful and better approximates the real situation than the qualitative one.