A decision among employees to leave computers unprotected, regardless of the duration, allows unauthorized physical access, which is a big risk. Another risk is a decision by an agency to ignore the installation of antivirus software and proper firewall configuration, because a person might gain remote access via the Internet.

Risk management can come down to simple measures, such as requiring every employee to lock a computer after use and installing a firewall to regulate remote access. A risk management process starts with risk assessment. Assessing risks entails identifying threats and vulnerabilities, then establishing the probability of occurrence and the effect of every risk. It is useful to designate a team or an individual with a proper understanding of the business needs to participate continually in the management of information security risk. The assigned team or person is expected to work with other people in the organization to better understand the composition of the business program in terms of its information assets, the technologies involved, and risk-related issues such as costs and likelihood. Asset classification is necessary if an organization is interested in assessing its information risk.

Information assets include all categories of data, such as databases, files and records, among others. They often include things like confidential records and customer records. The role of protecting the security attributes (confidentiality, availability plus reliability) of information assets is left to the business enterprise. The information owner helps determine the value of an asset. In the context of information assets, ownership refers to a group or an individual charged with the duty of making classification and control decisions pertaining to the use of information.