Security Risk Management (SRM) is the process of managing risks associated with technology. Through identifying, evaluating, and treating risks to your network and data assets, we can can reduce the chances and severity of possible intrusions.
3 Steps of SRM (Identification, Assessment, Mitigation)
IdentificationIdentify your assets – What assets in your network do you recognize to have the greatest impact if compromised? This includes any information that would not only cause data loss, but loss of integrity; such as if customer’s financial data was stolen. This can bring on a multitude of ramifications including law suits and other unfortunate actions. Identify your vulnerabilities – What security holes or weaknesses could allow intruders access to your data or even possible data loss from natural disasters? Identify your threats – What possibilities are there that could cause an information compromise or data breach? This can range from a “script-kiddie” hoping to get lucky on your firewall being down, to a tornado or a flood. Identify your protections – What protocols do you currently have in place to protect your data? Do you have firewalls and anti-virus? Maybe you have physical back ups in an off site location? All these help to reduce the impact in the event of data loss or compromise.
Between your assets and controls or protections, where do you need to reinforce? What is your weakest link? The general equation for risk assessment is as follows: Risk = (Threat x Vulnerability (Chance x Impact) x Value) – Security Protocols
(This is a simplified visualization for explanation purposes only)
Risk Planning – Once you have discovered your threats and calculated their possible impact, then you can begin planning to stop them from happening altogether. For example, when you see that your firewall is not configured correctly, you identify that the risk of an intruder is very high and the potential loss of data could cause tremendous damage to your organization, you can deduce that the best mitigation is to reconfigure your firewall.Enact Protocols – After planning on your best possible solutions to your current risk assessment, then you can begin enacting those controls and protocols. Start re-configuring that firewall or make a back up of your data. Each step that you take to protect your data is another step you wont have to re-trace in the event of a catastrophe. Re-Assessment – With your new safety measures in place and you are content with your protocols, you can begin to re-assess your situation. Check to see if those risks are still too high, look for new risks; risk assessment is a constant battle to ensure you have your data secured and protected against all manner of intrusions and catastrophes.
Here at JMC Information Technologies, we can provide up to date risk assessments for your organization through training, consultation, and vulnerability assessments. If you would like to learn more, then feel free to request a quote and we will help you assess your situation and ensure your data is safe from harm.