Information security is more complex than it appears: it deals with conventions that go beyond just the implementation or what gets blocked.
Risk management is like recovering from alcoholism. The first step to getting over it and tackling it is to accept that risks exist and are closer than you believe. Even though you may think you are not the billionaire that hackers are looking for, there are plenty of people out there looking for vulnerable points in your systems to steal your information.
A good way to prevent this is risk management. These are the six steps:
1. Categorize. You need to categorize dangers. If we group dangers according to their characteristics, we can tackle more of them more easily.
2. Select. You have to select the correct technology or measure that you will apply to each danger.
3. Implement. This step is easy: you need to implement the measures you selected previously.
4. Assess. You need to evaluate the measures you are going to use and decide whether it is better to switch to a better one or keep using the current one.
5. Authorize. This works by accepting the solution and having a clear method for what to do in case it is needed.
6. Continuous monitoring. Keep looking for anomalies; you need to know what you are looking for and where. So, if you find something, you already know what to do, because you have followed the framework and have a plan to solve it.
By following these steps, we can prevent a risk from hitting as hard as it otherwise could. Honestly, most risks will still hit relatively hard, but not as hard as if no defense were in place.