To increase the cost of replacing tangible assets

To establish the level of protection appropriate for each asset

To prioritize intangible assets over tangible assets

To complicate the planning of protection strategies

Hackers attempting to compromise information assets

Viruses originating from external sources

Intentional or unintentional actions by employees

Environmental disasters like hurricanes or floods

To allocate security resources and budgeting equally to all assets

To establish documentation procedures for all assets

To create an inventory of all assets in the organization

To plan protection strategies more effectively

The level of risk that a system has without any controls in place

The risk associated with controls needed in an organization

The risk that remains after controls have been put in place

The risk related to a particular asset and a particular threat

Increase the likelihood of the threat

Transferring risk by avoiding the threat

Purchasing insurance to protect the asset

Ignoring the risk and doing nothing about it

To identify potential threats

To calculate the recovery timeframes

To ensure critical business functions are maintained during disruptions

To prioritize critical systems

To calculate the recovery time objectives (RTO)

To identify threats that can affect processes/assets

To establish the order of restoration in a disaster

To ensure the safety of personnel during a disaster