Risk Assessment
Risk assessment determines what assets need to be protected and
identifies the threats to those assets and the potential
loss to the organization if those threats were realized. Steps
in a risk assessment include the following:

Identify all assets in the organization. This includes information,
equipment, marketing image, strategic plans and objectives,
intellectual property, and business processes. After all of
the assets have been identified, they need to be valued.

Valuation of identified assets. This covers not only the cost
of the asset or of replacing it, but also the labor to create
and maintain it, how important the asset is to the organization,
lost productivity, missed opportunity costs, and the value
of that resource to a competitor. Valuation helps to contain
costs and to understand the level of security required to protect
an asset.

Threat identification involves identifying threat agents
to the confidentiality, integrity, and availability of an
organization's assets. The threats are prioritized based
on the consequence to the company and the likelihood of the
threat being realized.

Vulnerability Assessment - A vulnerability is a weakness in a
system that could allow a threat agent to compromise that system.

Business Impact Analysis is a cost-benefit analysis that weighs
the impact of a risk against its countermeasure. The business
impact analysis provides the business case for providing the
correct level of security to an organization.

© 2003 Hudson Business Networks