Week 6

Question 1

The main purpose of monitoring and review process are:

Answer 1

• Ensure that controls are effective and efficient
• Obtain further information to improve risk assessment
• Analyse and learn lessons from incidents, but also from changes, trends, successes, and failures
• Detect changes
• Identify emerging risks
• Things to monitor: (changes to) assets, threats, vulnerabilities•Changes in internal and external context: legal, competition, criteria…

Question 2

Conclusions

Answer 2

• Monitor risks (external), and monitor risk managament (internal)
• Detect: situation awareness
• Qualitative versus quantitative risk analysis metrics
• Continuous monitoring:n research topics