Information Security Management Risks
December 15, 2007
By Anna Woodward
Of course, it is clear that “risk” is the possibility that something undesirable happens. What is not clear is how probable it is, what nature it has, and what harm it can do to an organization.
Betting on an event carries the chance of financial loss: the undesirable outcome. Deciding whether to take on this risk means calculating the chances of winning or the odds of losing. We can implement measures to reduce the chance of the danger, and put strategies in place to handle possible unpleasant outcomes.
Information security management means being aware of all elements involved in a specific risk and their relationship with your enterprise (company, web presence, etc.). This is an essential basis for calculating the risk. Knowing about the threat means being able to assess it: we can choose whether to accept it, wait and see, or avoid taking it at all.
In the field of information security management, professionals should answer four main questions:
1. What can happen (threat)? Clients' private information (especially, but not only, credit card numbers) can be stolen through an insecure network, through cracked passwords, through flawed cryptography or through undependable employees.
Web pages can be hacked and inappropriate content displayed. Business processes can be disrupted through web attacks, blocking the normal operations of the company.
Identifying risk spots is the primary task for information security management professionals. Normally, due to the technical background of most professionals, there is a bias toward focusing on technical problems. In fact, there are often myriad ways of attacking a computer system.
2. How bad can it get (impact)? Companies are responsible for keeping private information secure. Negligence in keeping this information secure can result in costly claims. Revealing intellectual property through negligence in security can result in an undue competitive disadvantage.
The company’s reputation can be seriously damaged. Cash flow can drop for the entire duration of a web attack on the company's servers and, usually, for some time afterward.
3. How often can it happen (frequency)? The short answer is: much more often than you believe. The absence of bad news in the newspapers should not lull you into a false sense of security.
Sometimes the victim doesn’t know that the company has been hacked. Of course, if some credit card has been charged without authorization, the holder will demand a refund. However, it is not always clear where the flaw in the security exists.
In other cases, a company's intellectual property has been illegally copied and is used without consent. The lawful owner will in many cases not even have a hint of this problem.
4. How dependable are the answers to these three questions (uncertainty)? Although you can be sure that the risk exists, there is no simple way of calculating how often it happens. You can be sure that it happens; you cannot know when and where.
Consider the safety of your company’s virtual data, and have the flaws assessed by an information security management professional. If you take a “wait and see” approach, you risk an attack on your company’s documentation, private information databases, and perhaps, intellectual property.
Excel Partnership, Inc. wants to help your company review your information security management and tailor programs to secure your virtual data. Visit http://www.xlp.com for more information on preventing attacks on your documentation, private information databases, and intellectual property.
Source: http://EzineArticles.com/?expert=Anna_Woodward


