MANAGING RISK before it manages you
A client in the health service industry was recently amazed to discover that of the 4216 active hosts (IP addresses) discovered in its environment, 1193 (27%) had at least one high risk vulnerability. The organisation is responsible for the funding, management and delivery of public health services to an area containing 1.1 million people, so with a high risk of emerging worms, malware attacks and hacker exploitation indentified, the exisitng situation meant that the confidentiality of patient records and sensitive personal information was at an unacceptable risk. In addition, the character of a number of high risk vulnerabilities increased the likelihood of business disruption.
What about your environment? Have you performed a security risk baseline accross your entire organisation? Is network and system disruption a concern? Are your security controls appropriate to the level of risk faced?
It is likely that your IT environment also contains numerous security weaknesses which may lead to system outage and/or unauthorised access. Other major risks include service disruption and failure to comply with service level agreements, performance degradation, loss of data or system integrity, and exposure of confidential information. These outcomes can have a detrimental effect on your business.
So don't wait until an incident occurs - proactively manage your risks before they manage you!