4.3.5 - ICT Security Policies - Factors in Minimising Risk
- Created by: Annie
- Created on: 05-05-13 18:51
View mindmap
- Factors in Minimising Risk
- "the process of assessing the likelihood of certain events happening and estimating the cost of the damage they could cause and what can be done at reasonable cost to eliminate or minimise the risk"
- Likelihood of the risk occuring
- All problems may occur, but risk reducing actions need to be based on how likely they are to occur and the consequences
- E.g. Deleting a file by accident is quite possible and could mean that many weeks of work needs to be re-done
- Threat Consequences
- Short Term
- Goodwill payments to customers for their hassle
- E.g. For delayed deliveries
- Inability to receive orders
- Website down
- Company reputation
- Prosecution of the company for data loss
- Data Protection Act
- Resources needs to be focused upon recovering data rather than the work they should be doing
- Goodwill payments to customers for their hassle
- Long Term
- Employees may lose their jobs
- Companies may go out of business or may not be able to invest into expansion of the company
- Short Term
- Identifying Potential Risks
- Placing value on components of the organisation
- The risks have all been highlighted already, ranging from viruses to floods to deliberate misuse
- Risk analysis is about identifying the risks and looking to minimise them
- The risks concern the loss of ICT hardware, software, communications, staff or files
- How well equipped is the company to deal with the threat
- The company needs to regularly review their procedures for accidental and deliberate misuse to ensure they are minimising their risks
- However useful this sounds, it does not generate income for the company and may become a low priority until something goes wrong
- The company needs to regularly review their procedures for accidental and deliberate misuse to ensure they are minimising their risks
Comments
No comments have yet been made