Introduction of viruses and malware to the organizational network

Risks:
• Data leakage/theft
• “Owned” systems (zombies)
• System downtime
• Resources required to clean systems
Likelihood: Likely
Impact: Significant
Risk Mitigation Techniques:
• Ensure that antivirus and antimalware controls are installed on all systems and updated daily.
• Consider use of content filtering technology to restrict or limit access to social media sites.
• Ensure that appropriate controls are also installed on mobile devices such as smartphones.
• Establish or update policies and standards.
• Develop and conduct awareness training and campaigns to inform employees of the risks involved with using social media sites.

Exposure to customers and the enterprise through a fraudulent or hijacked corporate presence

Risks:
• Customer backlash/adverse legal actions
• Exposure of customer information
• Reputational damage
• Targeted phishing attacks on customers or employees
Likelihood: Likely
Impact: Significant
Risk Mitigation Techniques:
• Engage a brand protection firm that can scan the Internet and search out misuse of the enterprise brand.
• Give periodic informational updates to customers to maintain awareness of potential fraud and to establish clear guidelines regarding what information should be posted as part of the enterprise social media presence.

Unclear or undefined content rights to information posted to social media sites

Risks:
• Enterprise’s loss of control/legal rights of information posted to the social media sites
Likelihood: Unlikely to possible
Impact: Significant
Risk Mitigation Techniques:
• Ensure that legal and communications teams carefully review user agreements for social media sites that are being considered.
• Establish clear policies that dictate to employees and customers what information should be posted as part of the enterprise social media presence.
• If feasible and appropriate, ensure that there is a capability to capture and log all communications.

A move to a digital business model may increase customer service expectations.

Risks:
• Customer