Security Risk Analysis | Risk Analysis
The goal of the risk analysis is to reach an economic balance
between the impact of the
risk (loss) on the company and the cost of protective measures.
Webster's Dictionary defines "risk" as "the
chance of injury, damage or loss."
Risks are essential elements of our culture, which cannot
be disregarded as simply chance
occurrences. Risks must be viewed as reality but each
risk is not necessarily inevitable.
In the present context we are viewing risks in terms of
three categories of assets:
The risk analysis process incorporates the following tasks:
- Identify the assets in need of protection.
- Identify the kinds of risks that may affect the assets
(internal theft, external theft, assault, loss of proprietary
- Determine the effect or impact if a loss occurs.
- Determine the probability of risk occurrence.
- This is not an exact measurement but an effort to project
a range of probability.
The ultimate success of the risk analysis will be very dependent
on the role of top
management in the process. Management must support the
project and make this known
throughout the organization.