What, when and how?
What: Risk management is a central tool in the work with information security at AAU. Specifically, it is about identifying and assessing the risks that may arise when our IT systems process and store information. The method is developed by ITS Sikkerhed, based on the principles of ISO27005, and is crucial for ensuring adequate information security and protection of AAU's systems.
When: As a starting point, risk management is used when major systems are purchased at AAU and on an ongoing basis if risks are identified in existing systems.
How: At ITS Security, risk management is divided into five different phases.
ITS Security distinguishes between technical and non-technical risk assessments. The technical risk assessment is part of the impact assessment work that the Contracting Unit is responsible for performing.