The network security industry recommends that an organization periodically perform risk modeling, assessment, and risk management to anticipate and take proactive measures against threats.
While this is a noble venture, a recent Internet search for “risk assessment” returned over 38 million responses. Many of these risk-modeling processes include methods to calculate the cost of risk mitigation compared to the cost of recovery in the event the risk occurs, and various ways to determine the return on investment (ROI) within the risk assessment and mitigation process. Some of these solutions are so convoluted and abstract as to be almost unworkable.
What is needed is a simple-to-operate risk modeling and assessment process and checklist.