Network Computing is part of the Informa Tech Division of Informa PLC

Strategic Security: Risk Assessment


McDonald's founder Ray Kroc once said, "If you're not a risk taker, you should get the hell out of business." Today, technology provides golden opportunities that would amaze yesterday's entrepreneurs. The flip side is that companies willing to take the leaps necessary to thrive in a competitive global economy expose themselves to hazards unheard of even 10 years ago. To survive, enterprises must continually use risk-assessment methods. Otherwise, they could unwillingly follow the second half of Kroc's advice.

Specifically, IT professionals can't limit their risk assessment to IT networks and computers. Physical security must be considered, as well as employees: People aren't just a company's most valuable asset, they're also the easiest to compromise. Risk-assessment practices must be codified within your organization through policies, standards and guidelines.

A Neverending Process

Risk assessment, which we define as the process of identifying factors that can negatively influence operations and an executive's ability to make informed choices, has been around for years as a means of gauging the status of a company's assets versus potential risks. Like most activities in business, it focuses primarily on the bottom line. An infosec professional's role in risk assessment is to determine the cost to the organization if particular vulnerabilities are exploited.
