Security Risk Assessment (SRA)
The Security Risk Assessment or Security Risk Analysis is a fundamental component to ensuring the security and prosperity of a company. It is essential to implement adequate security controls and systems that are commensurate with the organization’s risk exposure.
The process to determine which security controls are appropriate and cost effective, is quite often a complex and at times subjective matter. One of the prime functions of the SRA is to put this process into a more objective format.
Without a SRA, an organisation fails to:
- Understand the threats and vulnerabilities posed;
- Effectively formulate an action plan to mitigate the risks; and
- Minimise the exposure to disruptions and productivity loss.
There are 3 basic components to a Qualitative SRA.
1.Identifying the Threats
These are things that can go wrong or that can ‘attack’ the system/organisation. Threats are ever present.
2.Assessing your vulnerabilities
These make a system/organisation more prone to attack by a threat or make an attack more likely to have some success or impact.
3.Implementing adequate controls
These are the countermeasures for vulnerabilities.
There are four types:
- Deterrent controls reduce the likelihood of a deliberate attack;
- Preventative controls protect vulnerabilities and make an attack unsuccessful or reduce its impact;
- Corrective controls reduce the effect of an attack;
- Detective controls discover attacks and trigger preventative or corrective controls.
SRA’s conducted by MRD ensure clients are advised on the optimal method to protect their assets, resources and infrastructure in the most cost effective manner.