Consider a company that works with different types of clients all across the world and offers software according to their needs.
Importance of risk assessment to the security framework of the organization:
- Risk assessment helps in identifying security threats to the organization's business in advance and helps in preventing them from occurring.
- Finding the weaknesses of the system helps in taking precautionary measures and prevents the breakdown of the system.
- Risk assessment helps in keeping the data safe and prevents it from being lost. Risk assessment measures also increase awareness about the potential threats to the system and safeguard the data.
- Sometimes employee habits, actions, and negligence can cause a threat to security inside the organization. Awareness of these problems can help prevent those actions in the first place.
- Different systems of the organization may require different ways of securing them. Risk assessment helps in identifying potential and effective ways to secure these different systems.
The five layers of risk are as follows:
Layer 1:
- The first layer of risk is associated with external risks.
- In most cases, these types of risks are dangerous to the business as they can shut it down.
- Examples are natural disasters, hurricanes, flooding, etc.
- They affect the organization as well as the customers.
Layer 2:
- The risks associated with this layer are risks of the facilities.
- Facilities such as medical emergencies, electrical power, telephone wires, etc. are great utilities, but damage to them is also risky for the organization's business.
Layer 3:
- These risks are related to data systems.
- Different computers in the organization share different types of information along with performing various activities.
- Data loss can cause legal problems for the organization.
- Data systems should have their own level of security measures to keep the data of the company intact.
Layer 4:
- These are departmental risks.
- Every department of the company performs critical operations.
- It is important for the organization to have all the departmental goals met.
- Each department makes use of its own programs as well as tools to perform the tasks evenly.
- Security risks to these programs and tools can cause overall performance degradation.
Layer 5:
- This layer involves the system desk area.
- These types of risks are related to tasks and jobs performed on the system and at the desk.
- Keeping important documents on the desk, writing down passwords, leaving the system logged in, etc. can expose a lot of sensitive data about the company.