The realities of risk
April 29, 2006
Opinion by Ira Winkler
To manage risk, you must first define it. While there are many risk formulas, the one that I have found to be most effective is the following quasi-mathematical construction:
Risk = ((Threat * Vulnerability) / Countermeasure) * Value
In this equation, value is the amount that your information and/or services are worth. Notice that I did not refer to the value of your IT, such as the hardware, software and support personnel. The fact is that hardware and software are fungible, and the cost of its replacement is trivial when compared to the value of the data on a computer. A backup tape, for example, might be costly, but it's worth millions if it's storing credit card numbers -- when you consider the potential financial fraud, the cost of reissuing the cards and the loss of business resulting from the loss of customer confidence.
Source: http://www.computerworld.com/
To manage risk, you must first define it. While there are many risk formulas, the one that I have found to be most effective is the following quasi-mathematical construction:
Risk = ((Threat * Vulnerability) / Countermeasure) * Value
In this equation, value is the amount that your information and/or services are worth. Notice that I did not refer to the value of your IT, such as the hardware, software and support personnel. The fact is that hardware and software are fungible, and the cost of its replacement is trivial when compared to the value of the data on a computer. A backup tape, for example, might be costly, but it's worth millions if it's storing credit card numbers -- when you consider the potential financial fraud, the cost of reissuing the cards and the loss of business resulting from the loss of customer confidence.
Source: http://www.computerworld.com/