How to do a simple risk analysis.
The first and most important step in improving your computers security is to identify all the critical assets that you would like to protect and what to protect them against. The systematic process to achieve both the list of your assets and a list of risks to each of the critical assets is called a risk analysis.
A risk analysis starts by identifying the context of the analysis, which in this case can best be described by the environment of your system(s) and the security measures already in place..
The second andmost underestimated phase of a risk analysis is the systematic analysis of all your important assets. If you have not identified an asset you cannot decide whether you need to protect it. And that's where a risk analysis often goes wrong.
You will need to identify:
- Your hardware assets
- Your software assets
- Your data assets
Start with identifying each asset first, and then decide which ones are worth protecting. Because the next phase, risk identification and assessment, is time consuming and costly you might want to start with the most critical assets first. More on that later.