Risk is a situation that involves exposure to danger and might cause harm. Risk management is the process of responding to risks quickly and in a controlled way in order to minimise the threats they pose. In other words, risk management involves understanding, analysing and addressing risk to make sure organisations achieve their objectives. Risk assessment, meanwhile, is the methodical process of evaluating the potential risks involved in a project's activities.
Risks occur frequently in the world of computer security. Thus, it is important to keep your system up to date and to know everything that happens in and around your system. In computer security, the term risk assessment refers to a process of implementing techniques to mitigate risks. A simple example is how you would implement security techniques in your house to mitigate future risks, or to make sure a thief cannot get inside your house and steal from you. Let's take a real-life example and try to find some of the vulnerabilities that might give rise to threats.
The figure above shows an example of a normal house, which might be vulnerable to many threats from thieves. Due to the absence of security, a thief can break into the house and steal valuables such as jewellery, money, TVs, PCs, accessories and more. Therefore, it is important to carry out risk assessment and risk management to mitigate these threats as much as possible.
Risk assessment is the process of finding the vulnerabilities within the system that might cause threats or allow an attacker to gain access to the system. Below are some of the vulnerabilities in the house shown in the figure above that might be exploited:
- The windows might be used to penetrate the house.
- The door can be used or broken to get into the house.
- There is no security camera to record video of any suspicious activities.
- And many more.
Risk management is the set of steps taken to manage and control the system by implementing different techniques to prevent the threats from occurring. Below are some techniques that can be introduced to the house to mitigate the threats or to stop an attacker from exploiting these vulnerabilities.
- Install a fence around the windows (bulletproof).
- Add a fence around the house.
- Have a dog outside the house for more security.
- Install recording cameras to monitor and control the area around the house.
- Patrol the area around the house.
See the figure below for more details about the implemented security techniques:
Remember: you cannot build secure systems unless you know the threats to which you are susceptible.