How to detect those risky risks in this risky world!

--Originally published at lazynesstothemax

There are many risks in our imperfect cyber security world. The fact that technology only moves forward and that hackers keep innovating in the way they operate is enough for us to know that our systems and networks will never be absolutely safe. We need to innovate in the ways we protect our systems too, but that will obviously take some time. In the meantime we also need to prepare in case of an attack or a security leak. We need to keep watch 24/7 for the integrity of our systems to be safe. That's why we will talk about risk assessment and how we can prepare for the worst.

Risk assessment is the determination of a quantitative or qualitative estimate of the risk present in a well-defined situation that is recognized as a threat. To assess a risk quantitatively we need to calculate its two main components: the magnitude of the potential loss and the probability that the loss will occur. An acceptable risk is a risk that is well understood and tolerated. Such a risk may be allowed to exist because the cost or difficulty of implementing an effective countermeasure for that vulnerability exceeds the expected loss.

There are different ways to approach risk assessment and to prepare for these risks to materialize. This is a list of the steps one usually takes to confront a risk:

  1. Understand what information you need to protect: The first step in assessing an organization’s cyber risk is to understand which of the company's assets you are trying to protect and why. Which are the most important assets in the company, the ones that need most of your attention?
  2. Identify the threats that you need to be aware of: When talking about threats, you have to ask yourself some questions:
    • How do you store the information?
    • Who has access to the information?
    • How do you protect your data?
    • What steps are you taking to secure your computers, network, email and other tools?
  3. Forecast the consequences of a successful attack: You have to study the risk and what would happen if it were exploited, both during the attack and afterwards. You have to know and be aware of the consequences of the attack and how it will affect the company.
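As an added worked example (it is not part of the original post), the script below puts the definition of quantitative risk assessment together with the three steps above: it builds a small risk register of assets and threats, estimates each entry as magnitude of loss times probability of occurrence, ranks the entries so the most important ones get attention first, and applies the acceptable-risk rule from above (a risk is accepted when the countermeasure costs more than the expected loss). The `Risk` class, the asset names and every number in `SAMPLE_RISKS` are invented for illustration.

```python
from dataclasses import dataclass


@dataclass
class Risk:
    """One line of a (hypothetical) risk register.

    asset               - what we are protecting (step 1)
    threat              - what could go wrong with it (step 2)
    loss                - magnitude of the potential loss, in currency units (step 3)
    probability         - probability that the loss occurs within one year, 0..1
    countermeasure_cost - yearly cost of a control that would remove the risk
    """
    asset: str
    threat: str
    loss: float
    probability: float
    countermeasure_cost: float

    def __post_init__(self):
        # A probability outside 0..1 is a data-entry error, not a risk estimate.
        if not 0.0 <= self.probability <= 1.0:
            raise ValueError(f"probability must be in [0, 1], got {self.probability}")
        if self.loss < 0 or self.countermeasure_cost < 0:
            raise ValueError("loss and countermeasure_cost must be non-negative")

    def expected_loss(self) -> float:
        """Quantitative estimate: magnitude of loss x probability of occurrence."""
        return self.loss * self.probability

    def is_acceptable(self) -> bool:
        """Acceptable risk as defined in the post: the countermeasure costs
        more than what we expect to lose, so the risk is tolerated."""
        return self.countermeasure_cost > self.expected_loss()


def prioritise(risks):
    """Order the register from highest to lowest expected loss."""
    return sorted(risks, key=lambda r: r.expected_loss(), reverse=True)


def decide(risks):
    """Map each (asset, threat) pair to the decision 'accept' or 'mitigate'."""
    return {
        (r.asset, r.threat): "accept" if r.is_acceptable() else "mitigate"
        for r in risks
    }


# Constructed sample register; all values are made up for this example.
SAMPLE_RISKS = [
    Risk("customer database", "credential theft via phishing",
         loss=500_000, probability=0.20, countermeasure_cost=15_000),
    Risk("public website", "defacement",
         loss=20_000, probability=0.10, countermeasure_cost=5_000),
    Risk("office laptops", "lost or stolen with unencrypted disk",
         loss=80_000, probability=0.30, countermeasure_cost=4_000),
    Risk("internal wiki", "outage of a few hours",
         loss=2_000, probability=0.50, countermeasure_cost=12_000),
]


def report(risks) -> str:
    """Render the prioritised register as a plain-text table."""
    decisions = decide(risks)
    lines = [f"{'asset':<20} {'threat':<40} {'expected':>10} {'control':>10} decision"]
    for r in prioritise(risks):
        lines.append(
            f"{r.asset:<20} {r.threat:<40} {r.expected_loss():>10,.0f} "
            f"{r.countermeasure_cost:>10,.0f} {decisions[(r.asset, r.threat)]}"
        )
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_RISKS))
```

Running it prints the register sorted by expected loss: the customer database and the laptops come out as "mitigate" because the control is cheaper than the expected yearly loss, while the website defacement and the wiki outage are "accept" because the control would cost more than the loss it prevents. Swapping in your own assets, loss estimates and probabilities is the whole exercise; the arithmetic is the easy part.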

After you follow those steps you will have to draw up a plan for every scenario that could happen if the attack were real. This plan must cover these key areas:

  • Prevention: Policies and procedures that need to be put in place in order to reduce the risk of the attack.
  • Resolution: In the event of an attack, plans and procedures need to be in place to determine the resources that will be used to resolve the threat.
  • Restitution: Companies need to be prepared for any loss of data or integrity affecting employees and customers, so that trust and business are damaged as little as possible.

We cannot assume that we will always be safe from attack. Instead we need to acknowledge the risks that exist in our company and have the countermeasures ready. If not, we are going to have a really bad time.

This post was made in collaboration with Rodolfo Padró from https://rodolfopadro.wordpress.com/ Check out his other posts about security and other stuff hehe xd