Data risk assessment

How To Perform A Data Risk Assessment

An Everyday Person's Guide To Data Risk Assessment

Let’s face it: IT security can be scary – even terrifying. There are so many things to consider. What level of security do you need? What should you be securing? And how do you do it? It is problematic, to say the least.

Beyond that, data risk assessments are important. They can help you identify and manage the vulnerabilities of your business, work out your legal or regulatory standing, and work out which areas are in need of investment.

Still, IT security need not be as fearsome as it sounds. With this (short) guide, we will show you how to perform a data risk assessment – in a few short, simple steps.

Identifying Threats And Assessing Vulnerabilities

The first thing to do is make all the threats facing your data visible. This will involve working out who is responsible for the collection, protection, and handling of data; identifying and tagging key files; and understanding the potential impact on your organisation if this data is compromised.

Do not forget to consider how human error, accidental misuse, and malicious insiders can lead to security breaches.

Next, how vulnerable are you to the threats you have just outlined? Such vulnerabilities are weaknesses or problems that occur when data is breached. They can be discovered through audits, tests, and reviews. Think: Are employees trained in security awareness? Do your computer systems have a firewall? Should some users have more privileged access than others? Any of these can create gaping vulnerabilities.


Once you have identified threats and assessed vulnerabilities, it is time for action. Many of these steps are easy. You can install anti-virus software (and keep it updated), implement multi-factor authentication, and educate your employees on how to recognise online attacks.

Other, more complicated remedies involve creating data-sharing policies. This includes defining how and when to share data, alongside data-centric security policies that focus on how to secure sensitive data types and transmit them across storage locations.

You should prioritise these actions according to their importance – namely, how critical they are.

With enough time and perseverance, you will look like an IT expert par excellence. Find out more about data risk assessments on our website.
