Information Risk Management (IRM)
Information Risk Management (IRM) can be described as the efforts taken to combat threats, vulnerabilities and consequences of unprotected data. The number of threats to unsecure files are many, the vulnerabilities are very real and the consequences for a business can be dire.
Elements of Information Risk Information risk management involves performing an honest and thorough assessment of your clients' stored data. What kind of risks are threatening it? What is making it vulnerable to those risks? And what would happen if that data was compromised?
- Threats: Somewhat ironically, the number-one threat to a company’s IT is humans. And not all of those data compromises are conducted by hackers. Over a third of all the data security breaches that happen at government agencies are accidents, the fault of an internal employee acting carelessly. And that’s to say nothing of viruses and other forms of malware, which pose an ongoing threat to all forms of IT.
- Vulnerabilities: The vulnerabilities of a company exist in the loads of sensitive data that is stored, accessed, modified, transferred and then stored again in different places by different people. This information often includes names, social security numbers and other personal data. It can also include financial information such as credit card and bank account numbers.
- Consequences: Identity theft occurs once every two seconds in the United States. Financial data records are lost or stolen at a clip of 32 per second. Either of these consequences can be crippling to a business or individual.