Risk management

Needless to say, all our protection efforts & postures are deployed to protect against the “head risks” and rightly so...

by Lopamuda Chatterjee
Director, Bariza Software Solutions

In the risk management and security world, we focus on the “head”: the common or major risks that we face ourselves or hear that others have faced. For example, when we decide to put applications or services on the Internet, we make sure the application is protected against risks such as the OWASP Top 10 vulnerabilities, malware, infrastructure security weaknesses etc. Content security aspects such as spam filtering, antivirus etc. become “head risks” when we talk of email systems.

Time and again we are faced with risks that lie in the “long tail”, which we haven’t thought of or heard of. E.g. terrorists hacked into the home WiFi network of Keith Heywood in Mumbai and sent out an email about their impending attack minutes before 19 explosions killed 49 and wounded more than 200 people in Ahmedabad. Since then WiFi access point security has received attention all across, with the Mumbai Police now planning to test open WiFi access points across the city and issue notices and citations to users found using open WiFi access points. Suddenly WiFi access point security has moved from the “long tail” to the “head”, with everyone talking about it and taking appropriate protection measures.

The question that challenges us is whether we will face a situation where it is said that “We got attacked more today using vulnerabilities which were not exploited at all till yesterday than using those which were exploited till yesterday”. Like what Amazon said about the Long Tail.

Sounds complex, doesn’t it? Well, we are already facing this issue: “How do we protect ourselves against those seemingly obscure risks which suddenly might become important?”

The answer is not simple, and its implementation is possibly more difficult. What is required is a comprehensive risk management framework which would help us identify our assets, their weaknesses, the probability of attacks and hence the risk. We should also consider the current security posture we have and then the residual risk. What is critical is that this framework needs to be “live” and “in use” all the time; doing it once won’t help. It should be part of the normal business function, which would help us identify new or modified risks all the time.

We can never say we are 100% safe and protected. What we owe to ourselves and our business is doing all we can to protect our information technology assets.