Sunday, May 8, 2011

Risky Business!

This week, I thought I would take the suggestion of our instructor and not discuss the recent Sony PlayStation hack that has caused a disruption in service since mid-April. Instead, we will explore the wonderful world of Risk! No, not the board game where people can partake in the epic struggle for world domination. Rather, the ever-important task of prioritizing company assets and evaluating their vulnerabilities and their likelihood. Basically, a company wants to know the defense status of its systems as a whole, and conducting a risk assessment is one way to carry out that assessment. Before this week, I was not aware of the detailed processes that make up the risk assessment. The charts presented in this week’s reading made the analytical work much easier, but the number crunching and investigation can be intense.
When looking at the risk assessment process, it is a very large undertaking. It is very important to conduct a thorough and accurate investigation. The results from this process could be a critical piece of information in allowing the IS team to better protect the company's resources. However, when considering the information security field and all the activities it entails, the risk portion is not the main focus or goal of the system.
The instructor questions if this should be referred to as “information risk” as opposed to “information security”. In my humble opinion, this change is not necessary. I do not intend to take away from the importance of exploring and knowing the risks as they pertain to IT and ultimately, company resources. However, the security measures deployed in response to the risk assessment are of great importance.
On a final note, it is also important to realize that the risk assessment holds different value to different people. For example, the team who is conducting the investigation may be fully aware of the risk and regard these vulnerabilities as critical issues. However, when presented to management, the course of action may be discarded altogether. After all, many companies see these risks and losses as unavoidable and a cost of doing business. Yup, throw money at it! That should do the trick. Thanks for reading everybody!
