Effectiveness of Security Control Risk Assessments for Enterprises: Assess on the Business Perspective of Security Risks

摘要

Today's businesses being IT enabled, the complexity of risks affecting the business has increased manifold and the need to gauge the Information Technology risks acting on the business operations has become paramount. The business managers who run business operations need to operate securely and seamlessly leveraging Information Technology and ability to recover and resume the business without any loss of confidentiality, integrity and availability of business information/data in any event of a security incident. There is a need to quantify the impact of the IT security risk on the critical business processes, and provide the business-level insight at the management level. It is critical to classifying the Risk Ratings as per the impact on the business operations. This approach allows the organizations to understand and prioritize the security risk management activities that make the most sense for their organization to secure the business operations instead of trying to protect against every conceivable threat.