Risk management is a structured way of analysing and controlling the risk to your IT systems.
Risk analysis involves determining what those risks are and developing a plan to deal with them.
A risk analysis process typically involves:
- understanding threats to the business - these are identifiable through research
- determining which parts of your business are vulnerable to each threat - this can be determined through review, testing and audit
- assessing the likelihood of a threat actually affecting your business - this can be determined based on statistical research
- understanding the potential cost to the business if a security breach does occur
- identifying suitable and effective measures to minimise the likelihood of occurrence
- identifying suitable and effective measures to prevent the threat or, should the threat occur, measures to detect it and enable appropriate recovery action