{"id":5592,"date":"2018-10-09T09:45:50","date_gmt":"2018-10-09T14:45:50","guid":{"rendered":"https:\/\/www.poweradmin.com\/blog\/?p=5592"},"modified":"2018-09-28T09:33:47","modified_gmt":"2018-09-28T14:33:47","slug":"tips-on-security-risk-assessment-2","status":"publish","type":"post","link":"https:\/\/www.poweradmin.com\/blog\/tips-on-security-risk-assessment-2\/","title":{"rendered":"Tips on Security Risk Assessment"},"content":{"rendered":"

By Des Nnochiri<\/strong><\/span><\/p>\n

\u00a0<\/p>\n

Performing a security risk assessment has become an economic and functional necessity in the digital economy. Cyber-threats and many of the legal and operational aspects of data-handling now constitute as much of a challenge to enterprise success as effective marketing, and continuous service delivery.<\/span><\/p>\n

\u00a0<\/span><\/p>\n

A strong security posture, responsible data governance, and hitch-free network administration are just some of the essentials for business success in a digital marketplace. Each of these elements is continuously under threat from a number of different vectors, ranging from direct assault to technical failures, human error, and mismanagement.<\/span><\/p>\n

\u00a0<\/p>\n

\"\"<\/a><\/span><\/p>\n

Threats, vulnerabilities, and unknown factors, with the potential to adversely affect enterprise security and operations, make up the risk landscape which an organization must navigate its way through. One of the principle tools available for doing so is a comprehensive risk assessment.<\/span><\/p>\n

\u00a0<\/p>\n

In this article, we\u2019ll be offering recommendations on how to conduct that risk assessment with an eye for the latest business trends and strategies in this area.<\/span><\/p>\n

\u00a0<\/span><\/p>\n

Start with the Fundamentals<\/span><\/h2>\n

\u00a0<\/span><\/p>\n

Before proceeding, it\u2019s essential to first understand what actually constitutes a risk and then to identify the security risks which are relevant to your enterprise.<\/span><\/p>\n

\u00a0<\/span><\/p>\n

Risks may be defined as those known and unknown factors that are capable of having an adverse effect on the workings of your organization. In general terms, these risks may stem from your physical work environment and personnel, conditions of the market or your industry sector, connections to the outside world (including communications channels, partnerships, and the internet), or external agencies and actors.<\/span><\/p>\n

\u00a0<\/span><\/p>\n

In terms of security, the National Institute of Standards and Technology (NIST) defines risk as \u201ca function of the likelihood of a given threat-source exercising a particular potential vulnerability, and the resulting impact of that adverse event on the organization.\u201d<\/span><\/p>\n

\u00a0<\/span><\/p>\n

The \u201cvulnerability\u201d that this definition refers to might stem from an error or weakness in your organization\u2019s security policy and procedures or their associated technologies and controls. Threats or risks must be identified and assessed in terms of their potential to disrupt operations, cause system damage, or produce security breaches by affecting or exploiting these avenues.<\/span><\/p>\n

\u00a0<\/span><\/p>\n

Taking an inventory of your data, personnel, and other aspects of your operation should be followed by a \u201ccrown jewel analysis\u201d to identify the most highly valued or critical assets and the building up of models describing how data flows through and out of your organization. It\u2019s then necessary to establish which of your assets may become vulnerable to various kinds of threats and the nature of the threats themselves. <\/span><\/p>\n

\u00a0<\/span><\/p>\n

As a guide in constructing the risk assessment, several frameworks are available<\/a>. These include:<\/span><\/p>\n

\u00a0<\/span><\/p>\n