Having analysed the situation, the next stage is to decide what to do about the risks.
For each risk to be managed, we need to identify what cost-effective countermeasures can be applied. Possible countermeasures are:
- avoiding the risk – avoidance means stopping the activity that gives rise to the risk. For example, deleting all banking information and unsubscribing from internet banking would avoid the risks associated with the information assets related to banking.
- modifying the risk (likelihood and/or impact) – this involves choosing and implementing a security mechanism that reduces the likelihood of a successful attack, or the impact that would result from one. For example, installing an up-to-date antivirus application can prevent an attacker from using malware to gain access to the computer holding the internet banking information.
- transferring the risk to others – this typically involves taking out insurance to cover any losses in the event that the threat materialises.
- accepting the risk – this means choosing not to implement any of the above countermeasures and instead monitoring the information asset for any attacks.
Protecting your information assets
Now that you’ve done a risk analysis, it’s time to look at how we can better protect our information assets.
You’ve already thought about backing up data and using encryption to protect information – but have you put any of these measures into practice?
What steps have you taken to protect them? For example:
- Have you set up firewalls to protect your networked computers from external attack?
- Are you protected by up-to-date antivirus software?
- Are your operating system and key applications up to date?
- Is important information protected by encryption?