Companies have always had to deal with different types of risk, be it financial, legal, the success of a new product launch or a merger, or the threat of natural disasters. These risks are traditionally treated as silos. The CFO is responsible for understanding and making decisions pertaining to financial risk. The IT department is responsible for the risk of losing data processing capabilities. Legal counsel is responsible for understanding and managing the company's legal issues. And so on. But this fragmented approach to risk is becoming more dangerous as companies face risks that threaten the company's overall existence. These risks come in the form of noncompliance with government regulations, increasing information security threats, terrorist activities and natural disasters. It is more important now than ever for companies to develop and maintain a holistic risk management program that coordinates these silos, because they all have the same overall goal: to protect the company and its assets.
Understanding risk
Although many people in the information security industry use the word "risk," few have a true understanding of its definition and how it relates to the business world. Technically speaking, risk is the probability of a threat agent exploiting a vulnerability and the resulting business impact. For example, an open port could be a vulnerability and the corresponding threat agent could be a hacker who gets through that port and causes damage or loss, such as accessing customer credit card information in a backend database. Calculating the risk of this scenario requires understanding the possibility and probability of this taking place but, even more important, the cost to the company. Cost does not always have a straightforward quantitative value, which is what makes risk management a difficult task. Cost can come in the form of lost data, discredited reputation, loss of potential and unrealized customer revenue, loss of market share and more. These are qualitative and intangible components that make the calculation of risk much more difficult.