Information technology is widely used in every organization and is an important part of business. With today's heavy use of technology, organizations are becoming increasingly dependent on information systems, and the number of threats to those systems is on the rise.
What would you do if you had been hacked?
Risk Management: The process of identifying and controlling risks that organizations face.
Risk Identification: The process of checking and documenting the state of security of an organization’s information technology and the risks it faces.
Controlling Risk: The process of applying controls to reduce risks to data and information systems.
Know yourself: Identify, verify and understand all information and information systems currently in place.
Know the enemy: Identify, verify and understand any threats that may face your organization.
Identification of risk
An organization's assets are the targets of various threats. The risk management process involves identifying the organization's assets and identifying threats and vulnerabilities. Risk identification begins by identifying the organization's assets and assigning a value to each asset.
Identification and Evaluation of Assets
This begins with the identification of assets, including all elements of an organization's system, such as: people
Asset classification and prioritization
Many organizations have data classification schemes (e.g., confidential, internal and public).
Identification of Vulnerability
The specific routes that a threat can exploit to attack an asset are called vulnerabilities. Consider how each threat could be carried out, and list the organization's assets and their vulnerabilities. At the end of the risk identification process, you have a list of assets and their weaknesses.
There are three categories of control: policy, programs and technologies.
After the risks have been ranked, one of five strategies must be chosen to control each risk: