HOPEX Aquila EN

GRC - Governance, Risk & Compliance > HOPEX Cyber Resilience > Building Cyber Resilience > Assessing ICT Risks

Assessing ICT Risks

ICT Risk Assessment Template

Contexts

Respondents

Questionnaire rendering

Prerequisites to ICT Risk Assessment

Launching an ICT Risk Assessment

See Assessing Risks for an overview of the risk assessment feature. This section is about ICT risk assessment specificities.

ICT Risk Assessment Template

Contexts

HOPEX Cyber Resilience provides an ICT risk assessment template in the context of the following objects:

• Entity

An org-unit represents a person or a group of persons that intervenes in the enterprise business processes or information system.

• Process category

A process category regroups several processes. It serves as a categorization level and provides access to finer grained processes.

• Process

A process describes how to implement all or part of the process required to make a product or handle a flow.

• Operation

An operation is an elementary step in a process. It corresponds to the intervention of an entity withing the organization.

Risks on processes and operations are retrieved only if the processes and operations are connected to a live contract.

• Application

An application is a set of software tools coherent from a software development viewpoint.

• Software technology

A software technology is a basic component necessary for operation of business applications.

• Contract

A contract is a written agreement between the organization and a vendor.

• Vendor

A vendor is a external org-unit of "Vendor" type.

Respondents

Respondents are defined as follows:

Context object type	Responsibility (business role)
Technology	Local Technology Correspondent
Application	Local application owner, IT owner
Process	Risk assessor
Process category	Risk assessor
Entity / Vendor	Risk assessor, Risk Manager

Questionnaire rendering

The questionnaire is in the form of a heatmap.

For further details, see Using Heatmap Questionnaires.