IT systems are a double-edged sword. Not only
do they increase employee productivity and
reduce costs, they also increase risks as
intellectual property and sensitive information
are stored in a central location. Assessments
can help organizations identify and manage
risks.
Once risk areas have been identified,
organizations have a number of ways to mitigate
or reduce their risks:
- Risk Assumption. Accept the potential
risk and continue operating the IT system or
implement controls to lower the risk to an
acceptable level. Administrative, physical,
and technical controls help lower the
organization's risks.
- Risk Avoidance. Avoid the risk by
eliminating the risk and/or consequence. For
example, bypass or eliminate certain
functions of a system or shut down the
system when risks are identified.
- Risk Limitation. Limit the risk by
implementing controls that minimize the
adverse impact of the risk. For example,
implement preventive controls such as
Intrusion Prevention Systems (IPS) that
actively identify and restrict access to
information.
- Risk Planning. Manage risks by
developing a risk mitigation plan that
prioritizes, implements, and maintains
controls. Implement managed services to
minimize risks.
- Risk Research. Lower the risk of loss by
acknowledging the vulnerability or flaw and
researching controls to correct the
vulnerability.
- Risk Transference. Compensate for the
loss by transferring the risk to another
party. In addition to securing systems,
organizations have the option to insure
against security breaches. For example,
insurance can cover the cost of regulatory-
mandated notifications that a security
breach has occurred as well as fines, fees,
or penalties arising from privacy or
consumer protection errors.
Risk assessments and network security audits
help organizations identify, manage, and reduce
their risks. Formal and documented policies
ensure a top-down approach to managing network
security risks.