- Risk avoidance: shutdown of servers when there is suspicion of virus infection
- Risk transfer: hardware insurance to theft, loss and fire damage
- Risk acceptance: let employees receive private emails in company accounts
- Risk mitigation: implement multi-factor authentication to protect trade-secrets
- The financial officer’s estimate that password scanning attacks are highly probable.
- The IT manager’s opinion on what impact a flood would have on the server room.
- The cost to the company for being offline for one day / it’s servers being offline for one day.
- The expected, total number of DDoS attacks per year
Risk Management is important, because it:
- enables identification and protection of all critical assets
- helps ensure legal compliance
Scientific American: Why Economic Models Are Always Wrong. Financial-risk models got us in trouble before the 2008 crash, and they’re almost sure to get us in trouble again