An understanding of information risk is vital for organisations to manage the data they hold effectively. I’m going to look at some basics of ensuring that your organisation takes a mature approach to its risks.
In your personal life you take risks all the time. Indeed it would be impossible to do anything at all without accepting a degree of risk! For example, before leaving the house we (often subconsciously) undertake a risk analysis.
Risks when I leave the house:
- I get hit by a bus
- A dog bites me
- I get rained on
We then consider how likely these risks are to occur and how large the impact would be upon us; this allows us to decide if the risk is acceptable. For example if it’s cloudy and thundering outside then there is a high likelihood I will get rained on. Given the high likelihood of the risk and the impact it will have on me, I may decide not to leave the house. Alternatively I may decide that the benefits of going out outweigh the risk of getting rained on. In so doing I have set a personal risk appetite regarding getting rained on.