Risk: A Four Letter Word with Three Levers

Effective risk management should go beyond simple vulnerability

We rely heavily on vulnerability-centric security for a variety of reasons, but the two key influencers are the legal and cultural concerns with threat identification/management and the assumption that assets are always fixed or growing. Both can often be overcome by comprehensive planning and sound risk management implementation.

What does that mean to you?

Remember that in effective risk management, you have three big levers to pull to mitigate and manage your organization’s security: threats, vulnerabilities and assets. To be effective, you need to carefully consider all three and ensure you’re leveraging each of them as part of the solution. Next time you read of a security incident, consider whether it was centered around a threat, a vulnerability or an asset. Learn to spot the differences, and recognize when your safeguards are out of balance.


John McCumber is a security and risk professional, and author of “Assessing and Managing Security Risk in IT Systems: A Structured Methodology,” from Auerbach Publications. E-mail him at Cool_as_McCumber@cygnusb2b.com.