Normally, one would think that risk management is something best left to large companies or corporations. Of course, true risk management should be. However, by looking at what all risk management entails and bringing it down to a more personal level, it becomes possible to take advantage of the discipline to protect yourself.
Risk management is about looking at ways a company can be hurt and finding ways to prevent that from happening. If not prevention, then minimizing the risk to the point where it does not significantly hurt the company. This basic tenant of risk management can be taken advantage of by the average user.
Vulnerability versus Threat
In personal terms, a vulnerability is something that can happen to your system. For instance, your data is vulnerable to fire if you don't have a protected backup somewhere. Your system may be vulnerable to a virus or Trojan if you don't have an anti-virus program running. It also might be vulnerable if you don't maintain security updates offered by your operating system vendor. Your system might be vulnerable to a hacker attack if you don't run a firewall. Conversely, a hacker is a threat to your system, as is a virus or Trojan. There is a threat of data loss, or to be more specific, you could lose your important information including pictures, files, personal information from a fire, flood, weather, etc. Vulnerabilities and threats don't have to be purely intrusion-related. A vulnerability can actually be something as simple as someone getting onto your computer that you didn't plan on. A threat could be the likelihood that someone would get on and get sensitive information or do damage.
What to do?
In future articles, we will go over some of the potential threats and vulnerabilities that are currently being faced, as well as more details on how to prevent these. In the meantime, take a good hard look at your computer. Identify your vulnerabilities, then identify your threats. There are potential vulnerabilities and threats in virtually every aspect. From the computer itself to the possible personal information that may be on that computer.
Traditional risk management involves taking all the identified vulnerabilities and threats and then determining the likelihood they will happen. Once the likelihood is determined, then the damage that it can cause is determined. Something with a high likelihood of occurring and a high level of potential damage must be dealt with and dealt with immediately. A good example of this would be a virus. Viruses are everywhere; the likelihood you will get one in your email is very high. What if you got a virus and you have a large collection of family photos stored on your computer? What if the virus wiped them all out? What would be the potential of damage? It would most likely be catastrophic. Therefore, this would be something that would require your immediate attention. It would require taking the necessary precautions to prevent this from happening. Anything that has a high potential of damage and at least a moderate potential of occurring should have either a prevention measure or a plan to recover from. Anything that has a low potential of damage or a low likelihood of occurring does not necessarily need a plan or a fix. For instance, if you are the only one that uses your computer and you normally do not have very many people over at your location, then while the potential of damage might be high, the likelihood of it occurring is low. With that in mind, there is no need to take additional steps to protect the physical security of your system.
Go To Page: 1 2
| Here's the follow-up discussion on this article: | View all related messages |
For a complete listing of article comments, questions, and other discussions related to Thomas Williams's PC Security topic, please visit the Discussions page.