Tuesday, April 28, 2015

Risk Analysis in the Retail World

This week the blog will be focusing on risk analysis and assessments.

The basic definitions of risk analysis and assessment are, respectively, the identification of levels of risk in an organization, and the process that assigns them scores/ratings so that the organization can anticipate, mitigate, and control for threats. Given the abundance of retail attacks in the last decade, it is safe to assume merchants worldwide would benefit from further risk management in their organizations.

Put simply, the retail sector would benefit tremendously from increasing its risk management. The first steps would be to categorize assets, including hardware, software, and personnel. From there, you would give each asset a value; for example, the highest asset value could be POS software. If a DDoS attack were to occur on this type of asset, it could result in a compromise of valuable customer information, and loss of money/business for the duration of the outage. You would then combine this information with any threats identified for your particular business, goods, or even geographical location. It would also be beneficial to identify the likelihood that a threat would/could occur, and the frequency with which it happens.
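The steps above (categorize, value, identify threats, estimate likelihood and frequency) can be carried through as a small ranked risk register. This is an added example, not from the original post: the dollar values, exposure fractions, frequencies, rating thresholds and the expected-yearly-loss formula (value x exposure x events per year) are all assumptions chosen for illustration.

```python
from dataclasses import dataclass

CATEGORIES = {"hardware", "software", "personnel"}  # categories named in the post

@dataclass(frozen=True)
class Asset:
    name: str
    category: str
    value: float            # assumed business value in dollars

@dataclass(frozen=True)
class Threat:
    asset: Asset
    name: str
    exposure: float         # assumed fraction of asset value lost per event (0..1)
    events_per_year: float  # assumed frequency; 0.125 = once every eight years

def annual_loss(t: Threat) -> float:
    """Expected yearly loss = asset value x exposure x events per year."""
    if t.asset.category not in CATEGORIES or t.asset.value <= 0:
        raise ValueError(f"uncategorized or unvalued asset: {t.asset.name}")
    if not 0 <= t.exposure <= 1 or t.events_per_year < 0:
        raise ValueError(f"bad likelihood/frequency for: {t.name}")
    return t.asset.value * t.exposure * t.events_per_year

def rating(t: Threat) -> str:
    """Bucket yearly loss relative to asset value (thresholds are assumptions)."""
    ratio = annual_loss(t) / t.asset.value
    return "high" if ratio >= 0.25 else "medium" if ratio >= 0.05 else "low"

def risk_register(threats):
    """Rank threats by expected yearly loss, highest first."""
    ranked = sorted(threats, key=annual_loss, reverse=True)
    return [(t.asset.name, t.name, annual_loss(t), rating(t)) for t in ranked]

# Constructed sample data, not figures from the post.
POS = Asset("POS software", "software", 500_000)
TERMINALS = Asset("Card terminals", "hardware", 80_000)
STAFF = Asset("Store staff", "personnel", 120_000)
SAMPLE = [
    Threat(STAFF, "Social engineering", 0.25, 0.125),
    Threat(POS, "DDoS outage", 0.25, 2.0),
    Threat(TERMINALS, "Theft or damage", 0.125, 1.0),
]

if __name__ == "__main__":
    for asset, threat, loss, level in risk_register(SAMPLE):
        print(f"{asset:15} {threat:20} ${loss:>10,.0f}  {level}")
```

With these constructed inputs the POS outage ranks first, which matches the post's suggestion that POS software could carry the highest asset value.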

There are obvious inherent risks and threats in any industry; however, the retail sector has been hit the hardest as of late. The tide might be turning toward other industries - those where cyber criminals gain access to health information, or hack companies for 'fun' or political motivation (see Anthem or Sony, for example). But the threat facing the consumer world remains pervasive. Mitigating these threats through proper risk assessment, analysis, and management is crucial to maintaining this industry.

- Angie
