Security Asset Risk Management: Bank Risk Register
Conducted a comprehensive security asset risk management exercise for a bank’s operational environment. Identified risks, evaluated likelihood and severity, and created a risk register to prioritize mitigation strategies
Client
Google / Coursera
Services
Risk Assessment & Security Analysis
Deliverables
Risk register creation, risk scoring (likelihood, severity, priority), and operational environment analysis
View more
Project overview
Objective: Identify and evaluate potential risks to the bank’s critical assets and prioritize them in a risk register to strengthen security posture and regulatory compliance.
Challenges:
Large operational environment with 120 employees (100 on-premises, 20 remote).
Strict financial regulations require daily fund availability and data security.
Diverse partnerships (sports team + 10 local businesses) introduce third-party risks.
Multiple critical assets (funds, customer databases, financial records, supply chain) are exposed to varied threats.
Need to balance low-crime context with potential high-severity incidents (e.g., data leaks).
Project Execution
Defined the bank’s operational environment (staff, customers, regulations, partnerships).
Identified key assets: funds, customer databases, financial records, physical infrastructure, and supply chain.
Analyzed potential risks, including business email compromise, poor encryption, data leaks, theft, and supply chain disruptions.
Assessed each risk by likelihood (1–3) and severity (1–3).
Calculated priority score (Likelihood × Severity).
Compiled findings into a risk register with notes for prioritization.
Project Results
Developed a clear risk register with quantified priority scores (2–9).
Identified financial records leak (priority 9) as the highest risk requiring immediate mitigation.
Highlighted the compromised user database (priority 6) as a significant vulnerability needing encryption improvements.
Provided actionable insights for decision-makers to focus resources on high-priority threats first.
Delivered a structured framework that improves the bank’s security posture and regulatory compliance.
