Computers of all kinds within an organisation are constantly faced with a variety of risks and exposures. It is helpful if we first define these terms:
• Computer risk
Probability that an undesirable event could turn into a loss
• Computer exposure
Results from a threat from an undesirable event that has the potential to become a risk
• Vulnerability
A flaw or weakness in the system that can turn into a threat or a risk
The total impact of computer risks ranges from minor to devastating and could include any or all of:
• Loss of sales or revenues
• Loss of profits
• Loss of personnel
• Failure to meet government requirements or laws
• Inability to serve customers
• Inability to sustain growth
• Inability to operate effectively and efficiently
• Inability to compete successfully for new customers
• Inability to stay ahead of the competition
• Inability to stay independent without being acquired or merged
• Inability to maintain present customer/client base
• Inability to control costs
• Inability to cope with advancements in technology
• Inability to control employees involved in illegal activities
• Damage to business reputation
• Complete business failure
Computer risks, exposures and losses may be characterised as intentional or unintentional and may involve actual damage, alteration of data or programs, as well as unauthorised dissemination of information. Objects which can be affected include physical items such as the hardware or hard-copy outputs, which are both vulnerable to risks such as theft or loss; the telecommunications system, which can cause major corporate grief if unavailable for any reason, as well as being vulnerable to internal or external penetration; the applications software which, being a major control element, is vulnerable to change, bypassing or direct sabotage; systems software such as the operating system itself, which can also be amended or circumvented; computer operations where control