Guide to conducting cybersecurity risk assessment for critical information infrastructure

With rapid advancement in technology, a shifting cyber threat landscape and increased digitalisation, organisations may be exposing themselves to greater cybersecurity risks that may have an adverse impact on their organisation and business objectives. Thus, it is imperative for organisations to manage these cybersecurity risks effectively.

Cybersecurity risk assessment (referred to as “risk assessment”) is an integral part of an organisation’s enterprise risk management process.

The purpose of this document is to provide guidance to Critical Information Infrastructure Owners (CIIOs) on how to perform a proper cybersecurity risk assessment.

This document also identifies expectations that CIIOs are required to take note of when performing their risk assessment. The expectations are denoted with the icon below in this guidance document.
