Did you know?
A risk assessment is a process to uncover gaps and to document a road map for better cybersecurity practices and organizational resilience. It can often determine the cost and likelihood of an incident while quantifying the need for security spending.
How does it work?
Risk assessments should be performed on IT assets, especially those containing Personally Identifiable Information (PII). Hazards in terms of computer systems include anything that can affect the confidentiality, integrity, or availability of an IT asset. Performing Penetration Tests, as part of a risk assessment, helps gain invaluable knowledge about potential vulnerabilities. Regulations, including HIPAA and GDPR, require regulated entities to perform regular risk assessments of both digital and physical assets.
What to do now?
- Regularly assess risk, especially risk from noncompliance and other oft-overlooked sources
- Manage and reduce risk
- Assess the risk versus reward of all potential actions
How to do it?
- Identify hazards
- Catalog everything that has the potential to cause harm
- Determine who or what can be harmed
- Determine the potential damages to any assets or external parties
- Evaluate risks and decide how to take action
- Assess the likelihood of damages and the cost if it did occur
- Determine
costs and effectiveness of actions to mitigate risk - Record findings
- Records of risk assessments should be kept for government audits and future reference
- Review and update regularly
- Potential hazards are constantly changing. Conduct risk assessments regularly to stay up-to-date
Regulators often require risk assessment on both physical and digital systems; however, it is advisable to assess risk from noncompliance regardless of the regulatory requirement.
How can PorzioCS help?
Porzio Compliance Services (“PorzioCS”) is a unique partner to the business community. A subsidiary of a leading law firm, PorzioCS focuses on data privacy and cybersecurity compliance together with incident response policies for closely-held businesses outside of the traditional financial services and healthcare areas and educational institutions.
For client engagements PorzioCS assembles teams of appropriate experts, internal and external, to scope the client’s needs, develop a project plan, collaborate with the client to hit the plan targets, deliver the plan goals, and transition the plan maintenance to the client.
There is no cost to make a call to ask a question. The real cost is not knowing who to call when you learn your data has been accessed/infiltrated/stolen/corrupted.
Contact James Mottola, VP of Data Privacy, Cybersecurity, and Investigations at 973-889-4229 or jmottola@porziocs.com.