Evaluating Physical and Information Security Risks

By
Services for Real Estate Pros with IDTheftSecurity.com Inc

When it comes to protecting an organization’s information, the flaws usually take one of two forms: implementing strong technology to protect too much trivial data, or inadequately protecting important and sensitive data.

In short, not enough attention is paid to a company’s most important information; there’s a gap between the IT department and the operational units of the business.

A thorough risk assessment is warranted in these cases. Once all the risks are identified, strategies can be created by personnel to prioritize risk minimization. This is risk management.

Risk has several components: assets, threats and weaknesses. Businesses must address (risk-assess) all components—internally, rather than externally by outsourcing.

A risk assessment identifies all potential risks, then analyzes what might happen in the event of a hazard.

A BIA (business impact analysis) is the process of determining the potential impacts of an interruption to critical business activities. A BIA predicts the results of disrupted business processes (which can include losses or delayed deliveries, among many others) and collects the information needed to come up with recovery strategies.

The objective is to maximize cost/benefit: identify the most relevant risks and reduce them with minimal investment.

The strategy is to determine what risks this company may face in a given year (e.g., digitized information, reputation, paper documents, employee safety).

Next is to formulate a list of possible sources of threats (employees, hackers, customers and competitors, to name some) based on the experiences of many in the organization. There are also risk assessment plan guidelines online.

Next comes a risk assessment chart. Compile a list of assets (e.g., employees, machinery/equipment, IT, raw materials, etc.) in a left column. Then, opposite each asset, put down the associated hazards that could yield an impact. Each hazard is broken down into high probability-low impact and low probability-high impact.

Review the impacts for vulnerabilities that may make the asset prone to a loss. Here you’ll find opportunities for threat prevention or mitigation. Probability of occurrence can be specified with L for low, M for medium, H for high.

Information from the BIA goes toward rating the impact on “Operations.” Add an “entity” column for estimates of potential impacts (e.g., financial, brand/reputation, contractual). The “Overall Hazard Rating” combines the “probability of occurrence” with the highest-scoring impact on operations, employees, property, etc.
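The chart described above can be sketched in a few lines of Python. This is an added example, not part of the original post: the 1/2/3 scoring of L/M/H, the choice of multiplication as the way to "combine" probability and impact, and the three sample rows are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Assumption: L/M/H are scored 1/2/3; the post names the letters but no numbers.
SCORE = {"L": 1, "M": 2, "H": 3}

@dataclass
class ChartRow:
    asset: str
    hazard: str
    probability: str   # "L", "M" or "H"
    impacts: dict      # impact column -> "L"/"M"/"H"

    def highest_impact(self):
        """Return (column, rating) of the highest-scoring impact column."""
        return max(self.impacts.items(), key=lambda kv: SCORE[kv[1]])

    def overall_rating(self):
        # Assumption: "combines" is implemented as probability x highest impact.
        return SCORE[self.probability] * SCORE[self.highest_impact()[1]]

    def profile(self):
        """Label the two hazard profiles the chart separates."""
        p, i = SCORE[self.probability], SCORE[self.highest_impact()[1]]
        if p == 3 and i == 1:
            return "high probability-low impact"
        if p == 1 and i == 3:
            return "low probability-high impact"
        return "other"

def prioritize(rows):
    """Sort rows so the highest overall hazard rating comes first."""
    return sorted(rows, key=lambda r: r.overall_rating(), reverse=True)

# Constructed sample rows, not data from the post.
CHART = [
    ChartRow("IT", "ransomware on file server", "M",
             {"operations": "H", "employees": "L", "property": "L", "entity": "H"}),
    ChartRow("Paper documents", "misfiled customer records", "H",
             {"operations": "L", "employees": "L", "property": "L", "entity": "L"}),
    ChartRow("Machinery/equipment", "warehouse fire", "L",
             {"operations": "H", "employees": "H", "property": "H", "entity": "M"}),
]

if __name__ == "__main__":
    for row in prioritize(CHART):
        col, rating = row.highest_impact()
        print(f"{row.overall_rating()}  {row.asset}: {row.hazard} "
              f"(P={row.probability}, worst impact={col}:{rating}, {row.profile()})")
```

Under this scoring the frequent minor hazard and the rare severe hazard receive the same overall rating, which is why the chart records the profile alongside the number.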

A worst case scenario? Do nothing. After all, a failure to plan is a planned failure.

Robert Siciliano is an Identity Theft Expert to AllClearID. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen.

David Shamansky
US Mortgages - David Shamansky - Highlands Ranch, CO
Creative, Aggressive & 560 FICO - OK, Colorado Mtg

As always great info Robert!

With the ever-changing landscape and how much computers are dominating our world, security should be at the top of everyone's list.

Feb 26, 2014 12:08 PM #1