Risk assessment is the process which identifies hazards, analyzes and evaluates the risk
associated with each hazard, and determines appropriate ways to eliminate or control it. In
practical terms, a risk assessment is a thorough look at a workplace to identify those things,
situations, processes, etc. that may cause harm, particularly to people. After identification is
made, you evaluate how likely and severe the risk is, and then decide what measures should be in
place to effectively prevent or control the harm from happening.
Risk assessments are not easy and they are not meant to be. If companies could easily identify
and understand all the types of risks to their business and could evaluate how to effectively
mitigate those risks, then the world would be a much more boring place.
Fundamentally, while there are different titles used across formal methodologies, the expected
end result is still the same: to understand what risks exist to your business and to have a solid
understanding of the likelihood and impact of a realized risk.
Too often I see that an information technology or information security team member is assigned
to conduct a risk assessment that naturally, because of their role in the organization, becomes IT
focused. While there are some technology-specific risks that are adequately addressed in this
manner, the intent I am focusing on is an organizational risk assessment. Information
security/technology teams usually do not know the business processes and will focus their efforts
on specific threats and technology, and then are unable to justify, in business terms, the need for
new security products.
On the other side of the fence, business personnel will know their processes and what data is
important to them, but most likely have little knowledge of the technology supporting their
processes. This can result in "risk reducing" proposals for complicated process changes that may
not be needed if new technical tools can be introduced. Bringing the teams together and bridging
that knowledge gap is a key action in conducting a thorough risk assessment.
To solve this issue, it is best to have a team dedicated to risk management for an organization. As
an organization gets bigger, it may be appropriate to have a team, or members of a team,
assigned to different business units. While this team may be charged with drafting the formal risk
assessment report(s), the purpose of this team should not be to conduct the risk assessment, but
to bring together the appropriate business and technical stakeholders and facilitate the risk
assessment process.
Whoever is responsible for facilitating the risk assessment should be able to establish with the
organization that protecting data is the primary goal and that all of the people, processes,
hardware, software and other technology are tools used to do something with the data. Once the
premise of the assessment is understood and sensitive data elements are identified, it is time
to bring teams together to link the business processes that access the sensitive data with the
technology used to support those processes, and to evaluate where risks are present. Once this is
complete, the teams can define and evaluate controls that are appropriate for the protection of the
data.
In order to properly determine what the right level of protection is for your organization,
and to make the sound business case needed to get the tools and resources to meet that level of
protection, you need to know both the operational risks and the technology risks exposed within
your organization. Operational risks can include compliance, financial and reputational risks (i.e.,
what happens if data is exposed, lost or manipulated), and technology risks include all risks
related to the use of IT (i.e., how do we ensure only authorized users have access to data, or how
do we detect data loss or manipulation).
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi  6.pdf1029-Danh muc Sach Giao Khoa khoi  6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
General AI for Medical Educators April 2024
General AI for Medical Educators April 2024General AI for Medical Educators April 2024
General AI for Medical Educators April 2024
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
 

Risk assessment is the process which - identify hazards, analyzes an.pdf

Risk assessment is the process which identifies hazards, analyzes and evaluates the risk associated with each hazard, and determines appropriate ways to eliminate or control the hazard. In practical terms, a risk assessment is a thorough look at a workplace to identify those things, situations, processes, etc. that may cause harm, particularly to people. After identification is made, you evaluate how likely and severe the risk is, and then decide what measures should be in place to effectively prevent or control the harm from happening.

Risk assessments are not easy and they are not meant to be. If companies could easily identify and understand all the types of risks to their business and could evaluate how to effectively mitigate those risks, then the world would be a much more boring place.

Fundamentally, while there are different titles used across formal methodologies, the expected end result is still the same: to understand what risks exist to your business and to have a solid understanding of the likelihood and impact of a realized risk.

Too often I see that an information technology or information security team member is assigned to conduct a risk assessment that naturally, because of their role in the organization, becomes IT focused. While there are some technology-specific risks that are adequately addressed in this manner, the intent I am focusing on is an organizational risk assessment. Information security/technology teams usually do not know the business processes and will focus their efforts on specific threats and technology, and then are unable to justify, in business terms, the need for new security products.

On the other side of the fence, business personnel will know their processes and what data is important for them, but most likely have little knowledge of the technology supporting their processes. This can result in “risk reducing” proposals for complicated process changes that may not be needed if new technical tools can be introduced. Bringing the teams together and bridging that knowledge gap is a key action to conducting a thorough risk assessment. To solve this issue, it is best to have a team dedicated to risk management for an organization. As an organization gets bigger, it may be appropriate to have a team, or members of a team, assigned to different business units. While this team may be charged with drafting the formal risk assessment report(s), the purpose of this team should not be to conduct the risk assessment, but to bring together the appropriate business and technical stakeholders and facilitate the risk assessment process.

Whoever is responsible for facilitating the risk assessment should be able to establish with the organization that protecting data is the primary goal and that all of the people, processes, hardware, software and other technology are tools used to do something with the data. Once the premise of the assessment is understood and sensitive data elements are identified, then it is time to bring teams together to link business processes that access the sensitive data and the technology used to support those processes, and evaluate where risks are present. Once this is complete, the teams can define and evaluate controls that are appropriate for the protection of the data.

In order to properly determine what the right level of protection is for your organization, and make the sound business case needed to get the tools and resources to meet that level of protection, you need to know both the operational risks and technology risks exposed within your organization. Operational risks can include compliance, financial and reputational risks (i.e., what happens if data is exposed, lost or manipulated), and technology risks include all risks related to the use of IT (i.e., how do we ensure only authorized users have access to data, or how do we detect data loss or manipulation).