Identifying Threats is one of the most important things to do before building a risk assessment. To accomplish that, it is recommended to use risk factors. In those risk factors, identifying vulnerabilities of threats that may happen is the first step. If our risk model allows some threats through we must understand that there can’t be a 100% secure system, but the risk model should define those exceptions.

For example, if one of our administrators is allowed to have access to the HR-Operations system, then the risk level of that asset will be higher because there is a hole in that system. If that user is not trained properly in information security awareness, then the system is condemned to be breached somehow. 

“What will the next threat to the treasury be?”

After we’ve determined the risk value of the hospital as a location and have placed the server securely in an off-site location, we next need to see that any attacks to the treasury are kept at bay by the controls…

Nick Thymianis
“We need to face the fear of being left unoticed and start loving ourselves for what we are. We were all made perfect, including what we believe are our imperfections.”
a
a
a