Don't Ignore Risk Assessments
April 29, 2008
It's a common scenario: A risk assessment is conducted. Some recommendations are enacted. But most recommendations in the risk assessment are ignored. As time goes by, the report gathers dust on a shelf.
While common, that practice can be a real problem if an incident occurs. If a high-profile security breach occurs and it is later determined, perhaps in a lawsuit, that the company had prior warning that its security wasn't up to par, the company could be legally liable.
Clearly, it's not always possible to enact all the recommendations in a security audit. Rather than ignoring the problem, prioritize: determine the biggest threats and the costs, and work on implementing changes.