Information Security
Information security risk management allows an organisation to evaluate what digital information it must protect and why.
This forms an important decision support element in identifying security measures for your organisation.
Implementing an information security risk evaluation within a business and organisational context will allow you to recognise your security needs and the associated risks, as well as some of the best preventative measures in the business world.
Information Security risk has several different components:
- Threat Actor: The entity that exploits a vulnerability
- Vulnerability: The component that is exploited by the threat actor
- Outcomes: The result of exploiting a vulnerability
- Impact: Any consequences from the unwanted outcomes
Cybersecurity spending priorities for the next 12 months:
- Improved collaboration among business, digital and IT 51%
- New security needs related to evolving business models 46%
- Security for the Internet of Things 46%
- Digital enterprise architecture 46%
- Biometrics and advanced authentication 43%
Finally, the most important factor of information security risk is the asset, be it information, technology or a process, that was affected by the risk.
As the asset that is at risk cannot simply be eliminated, the only information security risk component that can be properly controlled is the vulnerability itself.
The Risk Dashboard identifies how to control a vulnerability:
- Eliminate it. If it does not exist, then it cannot be exploited.
- If this can't be done, try to reduce the probability of exploitation occurring.
- You can also try to reduce the severity of the impact that results from the vulnerability's exploitation.
- If this cannot be done, you must simply accept the risk.
“Cybercrime climbs to 2nd most reported economic crime affecting 32% of organisations”
Source: PwC Global Economic Crime Survey