Tag Archives: Risk Assessment

Information security is often described using the CIA Triad. CIA stands for Confidentiality, Integrity, and Availability, the three properties of data that information security tries to protect. Looked at from the attacker’s viewpoint, the CIA triad maps onto three goals: compromise confidentiality by stealing data, integrity by manipulating data, and availability by deleting data or taking down the systems that host it. By far, most attacks have focused on disrupting confidentiality or availability, so defense mechanisms and training have also been…


If you had a breach of your most sensitive data tomorrow, how much would it cost you? There are quite a few studies that provide data on the costs of data breaches. These usually provide a per-record cost that organizations can use to project the cost of a breach. For example, Ponemon Institute’s Seventh Annual U.S. Cost of a Data Breach study showed the cost per record to be $194 and the average cost per breach $5.5 million. This per-record cost includes many other variables, but if your breach is on…


An information security risk assessment is the process of identifying vulnerabilities, threats, and risks associated with organizational assets and the controls that can mitigate these threats. Risk managers and organizational decision makers use risk assessments to determine which risks to mitigate using controls and which to accept or transfer. There are two prevailing methodologies for performing a risk assessment: the qualitative and quantitative approaches. A third method, termed mixed or hybrid, combines elements of the qualitative and quantitative approaches.

Quantitative Information Security Risk Assessment

Quantitative information security risk…
