The information asset is a critical entity of an organization. To protect sensitive data and fulfill user security requirements, a company, big or small, takes precautionary measures to assess I.T. security risk and alleviate it. The method and scope depend on the existing set-up and the volume of information held by the company.
What are the common I.T. related security threats?
- Somebody unknowingly or deliberately publishes sensitive data and information
- Unauthorized modification of system data and planting of malicious software programs like viruses, Trojans, and logic bombs
- Use of the organization's communication bandwidth for unintended purposes
- Power failure that prevents an authorized user from saving final data to the system
- Failure of a communication device, causing loss of data during transfer
- Complete wipeout of the IT system due to natural calamities
Security Risk Assessment
What are the reasons for vulnerabilities?
Risk assessment consists of quantifying the threats, vulnerabilities, and impacts, developing countermeasures, and testing and reviewing them. In this assessment, reducing vulnerabilities is very important. There are many reasons why vulnerabilities can arise in any set-up.
- There are no defined standard procedures and no contingency plan
- Employees have not undergone contingency training
- No recovery procedures are in place
- Backups at regular intervals are not in practice
What are the challenges faced in risk evaluation?
- Hesitant to spend money: Security risks are not considered a risk until and unless there are some recent breaches or audit requirements. This is the reason why the expenses of a security review are not budgeted.
- Customer resistance: Every upgrade to a new security system creates a new user experience, which is not easily accepted by users. Even a simple password upgrade request sent by the company takes a lot of time for all users to accept.
- Wrong tools: When security managers select a tool to mitigate a risk, they later find that it is not effective in addressing that risk. This happens due to personal mindset or a lack of up-to-date analysis tools.
What are the procedures for risk evaluation?
Enterprise risk management is a complicated procedure that comprises evaluating the security framework, establishing rules and regulations for the security policy, and creating controls that minimize threats and vulnerabilities.
- Identifying Information Assets
The initial process consists of collecting data for analysis: the network architecture, the existing I.T. setup, physical assets, a list of all applications used by the enterprise, government regulations, user interests, and the security system in use. The preparation can be time-consuming and challenging for big enterprises.
- Evaluation of Impact
Under this analysis, it is estimated how much harm can arise if the vulnerabilities are exploited. It is measured in terms of financial loss, service level, reputation, and production loss. This also establishes the level of risk that can be borne and the impact of such threats on assets.
- The Likelihood Analysis
Risks may recur after a certain period. Under this analysis, an estimate is made of when the risk factors can arise again (time period: in a day, after a month, or after a year) and how to handle the situation. In this analysis, the higher the probability, the greater the risk associated with it.
Every identified risk, its impact, and its likelihood must be mapped together to give an actual estimate of risk. Such security risk assessment programs help the organization take care of risk ahead of time, give employees a reason to work within company procedures, and provide a secure user experience. Risk management is an ongoing process, and paying attention to it benefits the organization's business in the long term.
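The mapping of impact and likelihood described above can be made concrete as a small risk register. The following is an added example, not code from the original post: it scores each constructed risk on a qualitative impact × likelihood matrix, combines that with an annualized loss estimate (single-loss cost multiplied by expected occurrences per year, matching the "in a day, after a month or after a year" time periods), and ranks the register. The scale labels, level thresholds, asset names and loss figures are all assumed sample values, not measurements from any real organization.

```python
"""Risk register scoring: map impact and likelihood to a ranked list.

Added example for illustration only. All assets, costs and frequencies
below are constructed sample data, not real figures.
"""
from dataclasses import dataclass
from typing import List

# Qualitative scales (assumed): 1 = lowest, 3 = highest.
IMPACT = {"low": 1, "medium": 2, "high": 3}
LIKELIHOOD = {"rare": 1, "possible": 2, "likely": 3}


@dataclass
class Risk:
    asset: str
    threat: str
    impact: str                  # harm if exploited: financial, service, reputation
    likelihood: str              # estimated chance of recurrence
    single_loss: float           # estimated cost of one occurrence (SLE)
    occurrences_per_year: float  # expected frequency of occurrence (ARO)

    def __post_init__(self) -> None:
        # Reject labels outside the defined scales so a typo cannot silently
        # drop a risk to the bottom of the ranking.
        if self.impact not in IMPACT:
            raise ValueError(f"unknown impact label: {self.impact!r}")
        if self.likelihood not in LIKELIHOOD:
            raise ValueError(f"unknown likelihood label: {self.likelihood!r}")

    def score(self) -> int:
        """Matrix cell value: impact rating times likelihood rating (1..9)."""
        return IMPACT[self.impact] * LIKELIHOOD[self.likelihood]

    def level(self) -> str:
        """Bucket the matrix score into a risk level (thresholds are assumed)."""
        s = self.score()
        if s >= 6:
            return "high"
        if s >= 3:
            return "medium"
        return "low"

    def annual_loss_expectancy(self) -> float:
        """ALE = SLE * ARO: expected yearly financial loss from this risk."""
        return self.single_loss * self.occurrences_per_year


def rank_risks(risks: List[Risk]) -> List[Risk]:
    """Order risks for treatment: matrix score first, then expected yearly loss."""
    return sorted(
        risks,
        key=lambda r: (r.score(), r.annual_loss_expectancy()),
        reverse=True,
    )


# Constructed register drawn from the threat categories listed in the post.
SAMPLE_REGISTER = [
    Risk("customer database", "sensitive data published", "high", "possible", 250_000, 0.2),
    Risk("file server", "power failure prevents saving data", "medium", "likely", 2_000, 12),
    Risk("network link", "device failure loses data in transfer", "medium", "possible", 5_000, 2),
    Risk("data centre", "natural calamity wipes out IT system", "high", "rare", 1_000_000, 0.01),
    Risk("internet uplink", "bandwidth used for unintended purposes", "low", "likely", 500, 6),
]


def summary_rows(risks: List[Risk]) -> List[str]:
    """One line per risk, in treatment order, for a review meeting."""
    return [
        f"{r.level():6} score={r.score()} ALE={r.annual_loss_expectancy():>10,.0f}  "
        f"{r.asset}: {r.threat}"
        for r in rank_risks(risks)
    ]


if __name__ == "__main__":
    for row in summary_rows(SAMPLE_REGISTER):
        print(row)
```

Note how the "data centre" entry lands in the middle of the ranking: its impact is the highest on the scale, but mapping it against its low likelihood gives the same expected yearly loss as a far more mundane link failure, which is exactly why impact and likelihood must be judged together rather than in isolation.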