Risk management is essential as a Systems Security officer because it is our job to protect our clients and customers’ assets from threats. Those threats can include internal and external threats as well as skilled and unskilled agents, and natural events. Threats also come in the form of hackers, a worm seriously degrading the performance of a network, violation of security and user privacy, and many other threats.
Protecting assets is important because those clients and customers count on us to protect their information and data. Assets can be vulnerable to attacks due in part to a lack of access control. poop procedures and lack of training. Other vulnerabilities include a lack of understanding of the security protocols used, a lack of communication structure, not being able to respond quickly to an attack or threat, and misuse of access by authorized users.
Controls used in risk management and asset protection are things that are put in place between threats and assets.IT countermeasures include things like firewalls, smart cards, and antivirus software. Non-it countermeasures can be put into place as well such as guards and procedures, implementing regular security training, and awareness training for employees.