unit 4 db#2+ responses

Yehyun Park

How often you perform a risk assessment depends on some factors, but at a minimum at least once a year. I think that this is a good practice that a risk assessment is done at least once a year; this will allow a company to be able to adapt to recent changes that increase risk. Some factors that might change this once-a-year timetable for a risk assessment are new risks in the cybersecurity field and/or maintaining/obtaining an accreditation.

Cybersecurity program best practices - dol. The US Department of Labor. (n.d.). Retrieved October 18, 2021, from https://www.dol.gov/sites/dolgov/files/ebsa/key-topics/retirement-benefits/cybersecurity/best-practices.pdf.

Risk assessment should be conducted at least once a year. Being proactive about risk management allows an organization to stay in compliance with laws and regulations and ensures the health and safety of employees. Factors that may see an organization perform risk reviews more frequently include the purchasing of new machinery, introduction of new substances or other workplace hazards, new laws and regulations, and even when accidents occur. The only time an organization should perform risk assessments less frequently is when the risk of a threat is significantly lowered. A good example of this is if an organization relocated their office but still needed someone to visit the previous empty premises, especially if they own the place. Since no one actually works there full time, they won’t need to perform regular risk assessments of the property.

A. (2021, July 7). How often should risk assessments be reviewed | H&S Advice. Pro Safety Management. Retrieved October 16, 2021, from https://www.prosafetymanagement.co.uk/reviewing-risk-assessments/

Covello, V. T., & Merkhofer, M. W. (1993). Risk assessment methods: approaches for assessing health and environmental risks. Springer Science & Business Media.