Information security is becoming an increasingly important part of business. The average cost of a data breach rose to $4.24 million (about £3.1 million) last year, according to a Ponemon Institute study, demonstrating the severity of the problem.
To mitigate these costs, organisations must conduct risk assessments to determine how they might fall vulnerable. But what risks should you be looking for, and how do you define risks?
We explain everything you need to in this blog.
Information security risk definition
If you look up the definition of information security risk, you’ll generally get the answer that it encompasses anything that can threaten the confidentiality, integrity or availability of sensitive information.
This might include risks related to physical records, digital assets, systems and servers, as well as incidents in which information is lost, stolen or made temporarily unavailable.
That’s a good basic summary, but the reality is more nuanced than that – and nuance is important if you are to address information security risks adequately.
A more accurate definition of information security risk is that it encompasses the negative effects after the confidentiality, integrity or availability of information has been threatened.
To understand why that’s the case, we need to look at risk within the trifecta that also includes threats and vulnerabilities.
A vulnerability is a known flaw that can be exploited to damage or compromise sensitive information.
These are often related to software flaws and the ways that criminal hackers can exploit them to perform tasks that they weren’t intended for. They can also include physical vulnerabilities, such as inherent human weaknesses, such as our ..
Support the originator by clicking the read the rest link below.
