Dr. Glenn Hines
Risk Management is one of the major components for a company to be successful as if it is neglected than a single threat can exploit its infrastructure. Risk is a possibility that a loss will occur, which happens when a threat is exposed to a vulnerability. Thereby, managing the risk is an important factor for every company. This paper focuses on the risk management and its importance in Information security. Also gives a brief difference between risk, threat and vulnerability, further detailing the relationship between loss and the risk. It will also discuss the need for an organization to take risks with its data and major components in any organizational risk management plan.Contrast risk, threat, and vulnerability.
To contrast between risk, threat and vulnerability, first we will define each of the above:-
Risk- Risk is a likelihood that a loss will occur, which arises when a threat is exposed to vulnerability.
Threat- It is an activity that represents a possible danger.
Vulnerability- It is a weakness. (For example, in company’s infrastructure)
Threats, normally cannot be controlled as it can be natural like hurricane, flood etc. or it can be from a group of people supporting terrorism. It also remains separate from our control and can only be recognized. On the other side Risk can be mitigated. Lastly, Vulnerability can only be treated by identifying the weaknesses and taking dynamic measures to correct the possible vulnerabilities. (Pinkerton, 2014)
These are all commonly mixed up terms and thereby summing it up:-
Risk= Threat + Vulnerability +…