Is there a list of risks associated with storing information?
There are, for example, two types of solutions that allow the exchange of information.
For these solutions, it seems to me that there are the following risks when storing information:
First of all, I want to note that the assessment of information security risks should be included in the "Information Security Program" of your company, since the "IS Policy" section lays down the basic rules, values and roles that you will then operate with in the "Risk Assessment". If this is not the case, then it is necessary to assess the risks based on a certain optimistic or pessimistic scenario.
An example methodology for calculating Risk in an information system:
1. Calculate the cost/significance of all Assets in your information system, in order to determine the importance of the values.
2. Identify all kinds of threats and attack scenarios. Insiders, Viruses, Competitors, Equipment failure, etc.
3. Calculate the Risk numerically for each Value in the event of each Threat, according to the formulas ALE, MTD, ARO, SLE:
ALE = SLE * ARO
(see my earlier posts for an example)
MTD - how long will your business last when Value XX disappears?
ALE - how much damage in monetary terms, on average per year, will the XX threat inflict on you?
(there are a number of threats that occur naturally once a year, once every two years, etc.)
4. Thus, evaluate the most significant Threats.
5. Assess what can be done to minimize the impact of threats on the most significant Values. This means what kind of protection you need to additionally buy / install / train / check / adjust.
Perhaps in some of the solutions there will be built-in protection for some threats. At this stage, you will receive cash costs to cover the missing protection.
Or maybe you find out that you have some costs that do not depend on the type of Solution. For example, you still need to train the staff not to send the password by mail :)
Then you do such an analysis for the First decision and the Second decision and compare the monetary indicators.
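The steps in the answer above, carried through on a constructed risk register, as an added example that is not part of the original answer. The asset and threat names, all figures, and the rule that a control removes a fraction of incidents and is bought only when it saves more ALE than it costs are assumptions; MTD is not modelled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Risk:
    asset: str
    threat: str
    sle: float  # single loss expectancy: money lost per incident
    aro: float  # annualized rate of occurrence: incidents per year

    @property
    def ale(self) -> float:
        return self.sle * self.aro  # ALE = SLE * ARO

def rank(risks):
    """Step 4: order asset/threat pairs by ALE, largest first."""
    return sorted(risks, key=lambda r: r.ale, reverse=True)

def yearly_cost(risks, builtin, controls):
    """Step 5 for one solution: residual ALE plus money spent on controls.

    builtin:  {threat: fraction of incidents the solution already prevents}
    controls: {threat: (annual cost, fraction of incidents prevented)}
    Assumption: a control is bought only when it saves more ALE than it costs.
    """
    total = 0.0
    for r in risks:
        aro = r.aro * (1 - builtin.get(r.threat, 0.0))
        cost, cut = controls.get(r.threat, (0.0, 0.0))
        if r.sle * aro * cut > cost:
            aro *= 1 - cut
            total += cost
        total += r.sle * aro
    return total

# Constructed sample register (all figures invented for illustration).
RISKS = [
    Risk("file share", "equipment failure", 40_000, 0.5),
    Risk("customer data", "insider", 120_000, 0.25),
    Risk("workstations", "virus", 8_000, 2.0),
]
CONTROLS = {"insider": (5_000, 0.5), "virus": (10_000, 0.5)}
SOLUTIONS = {
    "first": {"equipment failure": 0.5},  # e.g. built-in redundancy
    "second": {"virus": 0.75},            # e.g. built-in scanning
}

if __name__ == "__main__":
    for r in rank(RISKS):
        print(f"{r.threat:18} on {r.asset:14} ALE = {r.ale:>9,.0f}")
    for name, builtin in SOLUTIONS.items():
        print(name, "solution yearly cost:", yearly_cost(RISKS, builtin, CONTROLS))
```

With these figures the virus control is never bought, because it costs more per year than the loss it would prevent, and the staff-training style control against insiders costs the same under both solutions.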