Risks are everywhere. There is no such thing as zero risk in any area of life. When it comes to information systems security, risks can be broken down into 7 main categories:
1. Physical damage
2. Human interaction
3. Equipment malfunction
4. Inside and outside attacks
5. Misuse of data
6. Loss of data
7. Application error
For a fitting risk management plan to be in place from a security standpoint, each of these categories must be analyzed. Then, the potential damage should be calculated. Of course, you never really know how much damage an unmanaged risk will do to your organization until something bad actually occurs. The main objective here is to identify which risks are potentially more damaging, and then take precautions in that order.