The main problem for companies and organizations is that a threat can impact an information resource. Good defenses help organizations work properly.
Risk is the probability or chance that a threat will impact an information resource.
Risk management is the process of seeking methods to reduce the risk of impact from threats (that is, identifying the threat, controlling it, bringing it to a safe level, and so on). Two things in this definition may need some clarification. First, risk management is an ongoing process. It must be repeated indefinitely. The business environment is constantly changing, and new threats become available every day. Second, the choice of controls used to manage risks must strike a balance between productivity, cost, and effectiveness.
Risk analysis is the process in which an organization assigns a value to each thing it is protecting. It can also be described as categorizing the priorities of protection levels.
Based on this analysis, the organization considers how to mitigate (that is, to lessen or soften) the risk.
Risk mitigation is when the organization takes strong action against the risk.
It has 2 functions:
- Using controls to prevent threats from outside
- During development, not giving the threat a chance
- Risk acceptance. (Organizations should not neglect the defense system: updating and so on.)
- Risk transference. An example is purchasing insurance (a copy of your information on other devices, such as a hard disk).
Difficulties of protecting information resources:
- Hundreds of threats exist
- Many criminals who are caught go unpunished
- The cost of a defense system is very high
It's designed to protect the nation's infrastructures such as energy, transportation, finance and many other things. But it costs so much! For small companies it's just not going to be cost-effective.