How to assess risk – Part I: Asking the right questions



It seems to me that self-assessment of risk is a difficult process to understand and execute, primarily because the employees who are asked to assess the risk in their business process a) don’t really understand the notion of risk and b) don’t really care. Let’s face it – risk is difficult to understand, since it is a function of many different, often-interdependent variables.

So the question I am going to pose today is: What is the best way to do a risk assessment?

And the answer is: Start by asking the right questions.

Let’s say that you have the job of collecting data for a risk assessment in your business unit. You sit down with the security and compliance manager and schedule meetings with people in the unit. You figure you’re going to be less than thrilled with the quality of information you receive and the employees may not be excited by your standard checklist questions. However, you know that whistleblowing is innate in all of us and it’s worth trying to get to first base.

Drop the compliance checklist and use an attack modeling approach instead.

Explain the notion of valuable company assets, vulnerabilities, threats that exploit vulnerabilities and security countermeasures. It will take a few minutes and every employee I’ve ever met will grok the concept immediately. For starters – ask 7 questions (you notice how all the process improvement methodologies always have 7 steps…)

  1. What is the single most important asset in your job?
  2. What do you think is the single biggest threat to that asset?
  3. How do you think attackers cause damage to the asset?
  4. Can you give me one example of a security exploit (on conditions of non-disclosure)?
  5. If you could give the risk and compliance manager one suggestion, what would it be?
  6. If you had to give the CEO one suggestion, what would it be?
  7. If you had to give President Obama one suggestion on how to reduce the threat of global terror, what would it be?
