Risk assessment: a glimpse of the future

I believe a great risk assessment gives you a glimpse of the future. It gives you more control, more certainty; trust is good, control is better. If you are like me and on occasion have a niggle in the back of your mind about the security of your company or a new project going live, a risk assessment is the way to get that peace of mind. If you like to be confident that you have thought through all the issues and angles, this is an exercise you should do regularly. When you need to decide on anything security related and you need to know whether it is the right decision, you first need to answer the question: what is the risk? If you need to know whether you are getting value from a security investment, you need to do a risk assessment.

A security risk assessment is a thought process. You need a tool that guides you through assessing:

  • Value - what is your most important information? You only need as much security as you have value to protect
  • Threats - is there anyone that has the incentives and ability to cause you a problem?
  • Weaknesses - what are the weaknesses in your systems, your people and processes that could be exploited? How serious are these?
  • Risk - based on all this what is your actual risk? What is the real exposure?
  • Controls - how does everything you have spent on security so far help you reduce this risk? If you got rid of a control would it significantly increase the risk? Is it worth investing in new technology, people and process?

This is why I created Simple Security Risk Assessment (SSRA). It is really easy to use and intuitive. It is a structured mapping tool to help you make decisions about security. It will help you comply with PCI-DSS, HIPAA and other regulations that mandate performing a risk assessment. When you have a list of audit findings or penetration testing results, make sense of your priorities and your actual risks using SSRA. Try it out now and let me know what you think.

Photo credit: Stuck in Customs, Flickr
