Risk Management
It is impossible to have protection from 100% of all possible threats.
- Such a goal will require a skyrocketing budget just for security measures, which companies can't afford.
As such, each organization should do its research on what types of threats are the most relevant and can bring significant damage to the company, and direct its budget towards controlling these selected threat types. This procedure is called Risk Management, as part of which the organization will assess a risk level as follows:
Risk = (probability that a threat is realized through an attack) * (cost of the damaged asset)
The higher a calculated risk is, the more resources the company should devote to controlling that threat.
Risk Management assists an organization in maximizing protection and minimizing costs and damages, as well as minimizing the probability or impact of unfortunate events.
These notes by Miriam Briskman are licensed under CC BY-NC 4.0 and based on sources.