of Assets
“The classical definition of Risk Analysis is one that describes it as a process to ensure that the security controls for a system are fully commensurate with its risks.”[7]
Translated, this means that the amount of security deployed should be related to the overall asset value (including collateral assets that could be affected[8]). Thus, risk analysis provides a mechanism to determine which assets should be protected immediately (based upon relative worth) and does not require that all Security Domain assets be secured.
Some of the other documented benefits of performing risk assessment are:
· Provides a means to cost justify security investments.
· Breaks down business boundaries and builds business relationships. Business management would be responsible for determining the security risk level that would be tolerable for a particular asset. IT/Security staff would need to work with the management team to determine the cost/solution. Based upon both factors, a cost/security ratio could be developed and used as a metric.
· Risk Analysis allows security to be analyzed from a business needs perspective and not just from a technological solution basis.
· The team risk analysis activity raises security awareness among a greater number of personnel.
· Provides a mechanism to evaluate security in a “consistent” manner.
· Facilitates communication between different business entities.