Bright Stove

Reflecting information risk journey

Of haze and fog and the visibility of risks


The hazy fog in Beijing has prompted many local radio stations and TV news programmes to constantly remind drivers to slow down, turn on their headlamps, and drive with extra care because of the poor visibility on the roads. On the way to the hotel from the Xi'an airport yesterday evening, the driver reported that the fog in Xi'an over the past two days has also resulted in a few major accidents and incidents in the city. One involved a chain collision of 32 vehicles on a highway, and the other was a woman being robbed on a side road during the day (he blamed both on the poor visibility).

 

By contrast, in the logical world, when there is little or no visible knowledge of the inventory of information assets and their vulnerabilities and potential exposures (or threats), users and managers cannot see or feel the risk; nothing plays the role that fog plays in telling us that we are at risk. They may therefore feel that their information assets are not at risk. When losses have been incurred, in most instances only the people involved in the investigation and the managers and staff responsible are aware of the incident and the associated exposures. For everyone else, not being exposed to the incidents again provides a sense of safety.

 

The nature of digital or logical systems is such that risks are often invisible until they materialize. With all the challenges that business management has to deal with, a lack of visibility also translates into no action. One of the important tasks in information security risk management is therefore to make the risks visible. This can then bring about better awareness and enable actions to be taken based on the risk situation.


Written by mengchow

November 26, 2009 at 9:53 am

Posted in Risk Management

One Response


  1. […] visibility of risk in the online world (aka Cyberspace) is so opaque that even after learning about an incident that […]
