Risk is the possibility of an attack or threat compromising your IT infrastructure. It is normally accomplished by exploiting vulnerabilities in computers, networks, and even people. Scenario: You work for a medium-sized business with 200 computers and users. The company has experienced extremely fast growth, and until now has not been concerned with risk. Your task is to define risk to your company and develop plans to deal with it effectively. The board of directors is interested in finding out the annualized loss expectancy for the company's servers. The board also wishes to have some kind of management plan in place that includes analyzing network documentation and mitigating threats and potential compromise. What type of risk assessment should you recommend? Because you don't know exactly what will happen to your company's servers in the future, it is impossible to predict exactly what will happen to them, and when, and how much it will cost. What concept, in addition to your risk assessment method, can aid in this? What kind of management plan should you implement? What basic steps does it entail?

pur-new-sol

Related Questions