Risk Assessment: What is it and why does my organization need it?
January 18, 2014
Think of a Risk Assessment as checking the doors and windows on your network. With all of the confidential corporate and customer information in your database, you would never consider leaving those doors and windows open. But beyond the entryways that are easy to see, are there other access points that are not so obvious? Is your network at risk of experiencing a devastating breach?
What is it and why does my organization need it?
An Information Security Risk Assessment is a means of examining your organization’s information security infrastructure. It will identify vulnerable areas in the network and provide steps to secure those weaknesses. Your organization will then be able to prioritize which areas need to be addressed immediately, which are less urgent, and which ones are not urgent at all. It is the fundamental first step in an information security health check, and is often considered to be the most important.
A Risk Assessment will provide a clear view of the weak points, or unlocked doors and windows, in your network. This knowledge is the crucial first step in systematically securing your network against a breach.
But, I just don’t have the budget to support highly technical IT projects right now.
Today’s headlines show businesses and government agencies increasingly falling victim to costly data leaks. Given the current threat landscape, it is crucial to independently evaluate your security posture. With a typical data loss event now costing around $6.75M on average, your organization simply cannot afford not to take action.
With Risk Assessment, a proactive approach can prevent catastrophic breaches in many cases. The cost of not being proactive: roughly $6.75M.
Can I be sure that we’re going to be secure from a breach once the Risk Assessment is complete?
An Information Security Risk Assessment is just that: an assessment. It provides a detailed evaluation of your organization’s current IT security posture and recommendations to secure your information infrastructure. The assessment will show you where the potentially weak areas are, in order of priority, and what needs to be done to secure those weak areas. It is then up to your organization to determine where to allocate additional resources to begin the process of implementing needed change.
A Risk Assessment will provide your organization with an objective evaluation of the security of your information infrastructure. It is your organization’s first step in your IT Security Health Check and Get Well Plan.
ICS has conducted more than 150 comprehensive Risk/Security Assessments using industry best practices and standards including:
- ISO 27002 (formerly ISO 17799 and BS7799)
- National Security Agency Information Assurance Methodology (NSA IAM)
- National Institute of Standards and Technology (NIST) SP800-series
Contact us to learn which Risk Assessment components are most appropriate for your organization based on its needs and resources.