The ability to perform comprehensive risk management relies on an organisation having a deep understanding of what risk is, how it surfaces and what can be done to mitigate it. With various organisations coming out with their own definition of risk, where does one begin? With our years of experience, we can help organisations identify and combat risk.
There are a number of definitions of risk from prominent organisations such as the ISO, NIST and ANSI. What all the definitions have in common is that they centre around ideas of an event that could happen, a probability that it will happen and consequences should it happen.
These and other concepts that come up in risk management are defined below:
something that may happen and may cause some undesirable consequence
a weakness which, if exploited, can give rise to some unwanted consequence
tangible or intangible but important to the organisation.
the consequences of an event happening. For our purposes, we assume a negative result from the event occurring.
what is the likelihood that the unwanted consequence or event will occur?
All risk and security frameworks begin by identifying and categorising the organisation's assets. Once this has been done, the security controls that best protect the asset can be selected. These controls are then implemented and, in a following step, assessed for their suitability. Once they have proved suitable, senior management must approve their use. The controls implemented must be continually monitored to ensure they meet their objectives.
Our expertise in all areas of security is always on-hand. Contact us to know more.
We help manage your risks.