Without a complete and thorough risk assessment including all its component parts (discussed herein), you might as well open all your data assets to unbridled exfiltration via Port 80 without any security checks at all. In the end, attackers and criminal digital profiteers will get what they came for in either case.
Defending against risks without knowing what those risks are is like playing a round of paintball with your eyes closed — you’ll keep missing your opponent. A risk assessment gives the enterprise a specific, more finely narrowed field of targets at which to aim.
In this fifth and final installment of a five-part presentation of information security risk defense via informed incident response, CSO regurgitates reliable resources and expert steps you should use on the way to protecting data assets and stores in your enterprise. (See also as part of this series: How to audit external service providers.)