Should I build a Million Dollar Wall around a Two Dollar Asset?

By Michael Fiorito, MDS

Why is a Risk Assessment important? 

Some organizations have to do risk assessments to meet compliance requirements.  However, all organizations should identify their intellectual property assets and determine the potential risk associated with them.

How do I assess risk? 

Your organization is unique.  There’s no silver bullet that can surface every issue in your environment or provide a completely accurate representation of potential risks. 

Assessing risk is a process that allows your organization to measure its risk posture and identify gaps, based on your systems and data and on the threats and controls that affect those environments.  It’s the first step in building a mature security program.

How does a Risk Assessment benefit my business? 

A risk assessment forces you to consider the potential outcomes of a breach.

You have to come face to face with these important factors: 

  • What data is valuable to our consumers and/or members?
  • What would happen if we were in the news for a data breach, even if the data lost was meaningless?
  • What legal liability do we have if something happened to the data?

A risk assessment should include all systems that are critical to operations or that contain sensitive information. It should also include an assessment of the operational processes and procedures used to maintain and operate the systems. These processes (such as employee on-boarding/off-boarding and O/S patching) can be overlooked and may be the weak link in any network.

By considering all avenues and weighing decisions based on analyzed risk, a risk assessment empowers your organization to make better-informed decisions.

Pulling the plug doesn't have to be your only security solution.

Don’t become part of a rising statistic — ensure your company is armed against a security hack.