BCS ITNow 201406 - The Risk Business


Gareth Niblett, Chairman of the BCS Information Security Specialist Group, examines risk and how we can deal with it.

Published in: Technology

So what is risk, especially relating to IT and information? Simply, it is the intersection of assets, threats and vulnerabilities, although things are rarely simple. To provide a basis for risk management prioritisation, some will try and make qualitative or quantitative calculations, using whatever data is at hand, although they frequently end up with little more than educated guesses.

Assets

These are the things you value and may wish to try and protect, including people, property (tangible and intangible), information and data. This includes your reputation, proprietary information, databases, code, sensitive records, equipment and services. All assets can be assigned a value and this can help inform the effort you make in protecting them, if they are under your control.

Threats

These are the things that might affect your assets, exploiting a vulnerability (accidentally or intentionally), to access, change, damage or destroy them. The threats may range from non-malicious staff stumbling over a flaw, through to highly resourced and motivated state actors intentionally targeting assets and creating or exploiting weaknesses to effect undetected access.

Vulnerabilities

These are weaknesses that a threat can exploit to compromise an asset. They can be at the people, processes or technology level and the intent of the person, process or program exploiting a flaw to gain unauthorised access to an asset is irrelevant to the vulnerability. Most of these are down to software coding errors, and lack of analysis and testing, although some are deliberate and insidious.

Risk needs to be managed within acceptable limits, and understanding your assets, threats and vulnerabilities is a necessary first step.

FURTHER INFORMATION

Information Security Specialist Group (ISSG):
Information Risk Management and Assurance Specialist Group:
BCS Security Community of Expertise (SCoE):

doi:10.1093/itnow/bwu041 © 2014 The British Computer Society. Image: DigitalVision/dv617043. ITNOW, June 2014.