How to analyse data in Risk Management?

There are multiple useful techniques. Good starting point would be:

  • Cause-and-Effect Analysis – which enables you to identify a root cause,
  • Fault-Tree Analysis – exploring events which may lead to a top-level event. And then analysing reasons for those events to happen.
  • Sensitivity Analysis – assessing which risk factor might have the biggest impact.

There are several questions which you should ask when analyzing Log Data.

  1. Are the controls operating correctly?
  2. Is the level of risk acceptable?
  3. Are the controls aligned with the risk strategy, business strategy and key priorities?
  4. Are the controls flexible enough to meet changing threats?
  5. Are the correct risk data being provided in a timely manner?
  6. Is the risk-management effort benefitting corporate objectives (or at minimum not hindering them)?
  7. Is awareness of risk a compliance requirement reflected in user behavior?