- You Can’t Protect What You Do Not Know
- You really need to understand your information assets
- Define critical level for each asset
- Know where the assets are located i.e. local or remote
- Protect your intellectual property
Risk is any event that adversely impacts your ability to succeed in reaching your business goals.
Survival is key…
Your financial strength and goodwill, as well as the overall quality of your products, services and people, are all controlled by your risk profile. This is even more critical if you have governmental or regulatory requirements.
- What Is In Your Risk Collection?
The framework for your risk assessment process is your collection of risk objects. It is the outline and definition of those risks, kept in a common repository of information.
How should you categorize your risk profile?
- Indemnification Risk
- Marketplace Risk
- Tactical Risk
- Strategic Risk
- Identify Stakeholders
To protect your intellectual assets, you should identify the most appropriate person to monitor and manage those risks. If someone has a vested interest in the information, they will be more likely to want to be a part of the “risk team”. The risk team is responsible for executing and maintaining applicable controls in the related area of responsibility.
- Identify Controls To Alleviate & Minimize Risks
Working with the risk owners, identify current controls that are in place to mitigate and/or reduce risk. Each control should also be assigned an owner or responsible party. This can be a functional responsibility, instead of an individual or specific person.
- Assess Risk Theoretically And Resulting Impact
The company’s risk profile is based on the compromise between risk and return. Assessing the financial impact and likelihood of risk should provide the information needed to accept, reject or reduce risk. Risk owners should evaluate risk based on a few criteria:
- Financial Impact or Significance – gauge impact if this happened
- Likelihood – for many of the risks, develop a situation-based approach for assessing the probability of the risk happening.
- Develop A Process For Reassessment
The risk assessment is a reproducible process and should be performed yearly, or more frequently after reviewing substantial changes in your risk elements. Reevaluate and change as necessary, then begin the process over again to ensure you are reducing your risk profile. Global Cybersecurity Solutions LLC provides each business with a Playbook to assist in managing the process and help you “Keep an eye on Security!”
Written by Kaleigh Sporko