In this 3-part blog, we will discuss the differences between Threat, Vulnerability, and Risk when carrying out a Security Risk Assessment.
Data, and the protection of that data, are fundamental considerations for every organisation. Clients and customers demand that their information be kept secure while it is in your possession, and if you cannot secure it they will take their business elsewhere. Many organisations that handle highly sensitive information require a rigorous security framework to be in place before contracts are signed.
With that in mind, how secure is your IT infrastructure, and could you meet stringent security requirements?
The most effective way to ensure the best possible security processes are in place is to carry out Security Risk Assessments. Broadly speaking, an assessment breaks down into three areas: Threat, Vulnerability and Risk. A clear understanding of each helps an organisation or individual to identify weaknesses and put processes in place to mitigate them.
Part 1 – Threat
Within the UK, threats are categorised into two fields: Traditional and Non-Traditional Threats.
Traditional Threats are:
- Organised Crime
Non-Traditional Threats are:
- Natural disaster (flood, earthquake)
- Unintentional action (lack of training)
- Ignorance of the rules
Although most threats are beyond an organisation's control or influence, and are becoming harder to identify in advance, it is essential to reassess them regularly.
It is worth highlighting threat actors at this stage: a threat actor is an individual or group engaged in one or more of the Traditional threat activities.
The best way to identify the most significant threats to your organisation is to produce an up-to-date, credible threat assessment, compiled in conjunction with your local police force, council and any other relevant agencies you deem necessary. Responsibility for maintaining the threat assessment should be assigned to a named individual or team, who monitor it and update it as the prevailing threats change.