Performing a risk analysis with RAFIS
RAFIS is a tool that helps you to perform a risk analysis for information security. The goal is a selection of controls from the chosen security standard, based on threats that have been mapped out during a workshop. The use of RAFIS is based on a series of steps, as indicated below.
- Mapping relevant information systems within your organization.
- Identifying the actors that can breach your information security.
- Performing the actual risk analysis:
RAFIS contains a few more functionalities that are not directly related to performing a risk analysis. These are explained below.