What is risk?
It may seem like a simple question, but as with most things in IT, the answer can get complicated. Risk exists when a threat meets a vulnerability. In other words, you have to have both a threat and a vulnerability to have risk. Now, what are a threat and a vulnerability? A threat is X and a vulnerability is a known weakness.
When explaining these concepts I often use a vehicle analogy. The threat is a thief in the parking lot going from vehicle to vehicle attempting to open an unlocked door. The vulnerability is that you forgot to lock your car door before going into the store. Thus your risk is high because a thief is actively attempting to open unlocked doors in the parking lot.
However, if you locked your car door before going into the store, your overall risk is low: the threat of a thief attempting to get into your vehicle is still high, but you’ve managed the vulnerability by locking your car door. Conversely, if you do not even have a vehicle in the parking lot, then your risk is zero. Simple, right?
What is technology risk management?
Generally, your business won’t be able to control threats nearly as much as it can manage its vulnerabilities. Managing vulnerabilities is still a difficult task, but if your business takes proactive measures to mitigate vulnerabilities as they become known, the overall risk to your business can be greatly lowered.
How to leverage technology risk management?
Information security is based on three principles: confidentiality, integrity, and availability. In a business context, these three principles exist to protect the information and data your business is responsible for. Perhaps your business has regulatory requirements (e.g. SOX, GLBA, HIPAA), or you may simply want to protect your intellectual property.
How do these services help your business?
These services help you understand what your highest risk areas are and how to efficiently manage your overall risk exposure.