Risk management is a process of assessing, analyzing, and prioritizing risks to an organization and making a strategy to mitigate those risks.
A risk management process consists of five steps:
- Identify assets
- Identify threats
- Assess vulnerabilities
- Assess risks and
- Mitigate risks
Let’s try to understand each phase of the risk management process.
1. Identify Assets
In this phase, we identify the assets that we are trying to protect. These assets can be anything from physical assets like hardware to software and applications. We enumerate these assets and evaluate their importance in this phase.
2. Identify Threats
We know that a threat refers to something that can cause harm to an asset. For example, an attacker can infect a user’s computer with malware and steal sensitive data. Here, the malware is a threat to the user’s computer.
After enumerating various assets, we identify various threats that can affect the assets. We often use the CIA triad (What is the CIA triad?) or the Parkerian hexad (What is the Parkerian hexad?) to discuss the nature of each threat.
For example, if data is corrupted in the database, a payment may not get processed correctly. Hence, data corruption is a …
0 Comments