Page 89 - Cyber Warnings
Enterprise Systems Security Assessment Challenges: What Mitigation Strategy Can Be Utilized?
By Dr. Daniel Osafo Harrison, D.C.S., Security+
Loghry and Veach (2009) stated that a risk assessment is “a qualitative measure of the potential for losses resulting from the occurrence of uncertain events in a specific period of time” (p. 31). This means that the organization must anticipate where it is exposed to loss so that those areas can be fixed. Loghry and Veach suggested that any safety or security professional could conduct a risk assessment with some practice and a little research. A risk assessment applies logical thinking to the hazards or threats that the organization may face on a daily basis.
Introduction
Organizations that handle client data and personal information should assess their enterprise security on a regular basis. Risk assessment is one of the most important assessments an organization can perform, because it shows which security measures have been taken and whether those measures are actually protecting the company.
Clark (2014) stated that organizations should have a dedicated team available to perform the risk assessment, so that the assessment covers the entire organization rather than only IT matters. This team should be assigned to risk management alone, and it should be responsible for bringing together everyone who needs to be involved in the risk assessment (Clark, 2014).
Clark (2014) identified several steps to take in doing an adequate risk assessment. Some of those steps include:
• Identify and map what is important – the organization must understand which aspects of its security risks matter most. It must map out its processes and how they are carried out in order to understand which areas may be at risk.
• Determine what could go wrong – the most difficult part of any assessment is anticipating what the threats to the organization could be and how to stop them. The organization must look at its processes as though there were no controls in place, in order to see where it is most vulnerable. Things to look at include employee theft of data, unauthorized access, unauthorized changes to code, and unexpected data manipulation.
• Determine the likelihood of the threat happening and its impact – the organization must look at where it is most vulnerable and what would happen if the situation did occur. For example, it must decide whether the threat would impact it financially, loss of business,
89 Cyber Warnings E-Magazine November 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
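The three steps above (map what is important, decide what could go wrong, rate likelihood and impact) are usually captured in a risk register scored on a qualitative matrix. The following is an added example, not code from the article or from Clark (2014): it assumes five-level likelihood and impact scales, multiplies them into a score, bands the score into low/medium/high (thresholds chosen for this example), and ranks a constructed register whose threats are the ones the article names. Asset names, scale labels and band thresholds are assumptions.

```python
from dataclasses import dataclass

# Five-level qualitative scales (assumed for this example; the article does not define them).
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}


@dataclass(frozen=True)
class Risk:
    asset: str               # step 1: what is important to the organization
    threat: str              # step 2: what could go wrong, judged as if no controls existed
    likelihood: str          # step 3: how likely the threat is, on the LIKELIHOOD scale
    impact: str              # step 3: how bad it would be, on the IMPACT scale
    impact_areas: tuple = () # e.g. ("financial", "loss of business")


def score(risk: Risk) -> int:
    """Likelihood x impact on a 5x5 matrix; rejects levels outside the defined scales."""
    if risk.likelihood not in LIKELIHOOD:
        raise ValueError(f"unknown likelihood level: {risk.likelihood!r}")
    if risk.impact not in IMPACT:
        raise ValueError(f"unknown impact level: {risk.impact!r}")
    return LIKELIHOOD[risk.likelihood] * IMPACT[risk.impact]


def rating(points: int) -> str:
    """Band a 1..25 score into low/medium/high (thresholds are assumed)."""
    if points >= 15:
        return "high"
    if points >= 8:
        return "medium"
    return "low"


def rank_register(register):
    """Return (risk, score, band) tuples, highest score first, ties broken by asset name."""
    scored = [(r, score(r), rating(score(r))) for r in register]
    return sorted(scored, key=lambda entry: (-entry[1], entry[0].asset))


def high_priority(register):
    """Risks that should be fixed first: those in the 'high' band."""
    return [r for r, _, band in rank_register(register) if band == "high"]


# Constructed sample register using the threat categories the article lists.
SAMPLE_REGISTER = [
    Risk("customer database", "employee theft of data", "possible", "severe",
         ("financial", "loss of business")),
    Risk("payroll system", "unauthorized access", "likely", "major", ("financial",)),
    Risk("build pipeline", "unauthorized change to code", "unlikely", "major",
         ("loss of business",)),
    Risk("reporting warehouse", "unexpected data manipulation", "possible", "moderate",
         ("financial",)),
]

if __name__ == "__main__":
    for risk, points, band in rank_register(SAMPLE_REGISTER):
        areas = ", ".join(risk.impact_areas)
        print(f"{band:6} {points:2}  {risk.asset}: {risk.threat} ({areas})")
```

Scoring as if no controls existed gives the inherent risk; the same functions can be re-run with the likelihood lowered once a control is in place to show the residual risk and justify the mitigation spend.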