Data Security and Risk Management

High likelihood and low impact

Low likelihood and high impact

Low likelihood and low impact

High likelihood and high impact

To calculate the financial cost of risks

To give a numerical value to risks

To eliminate all risks

To identify the source of risks

Accidental viewing of data

Legal hacking with permission

Accessing systems without permission

Data loss due to equipment failure

Accidental data access

Long-term spying to gather secrets

Legal data monitoring

A single hacking attempt

Deliberate hacking

Accidental data deletion

Mistakes or lack of knowledge

Intentional data tampering

Access involves viewing data, loss means data is irretrievable

Access is intentional, loss is accidental

Access is caused by equipment failure, loss is caused by hacking

Access is always legal, loss is always illegal

A hard drive failing

A virus spreading and deleting data

Accidentally deleting a file

A technician misconfiguring access levels

To back up the data

To legally access information

To make it harder for an organization to operate

To accidentally stumble upon secrets

Backing up data

Accidentally losing data

Viewing data without changing it

Modifying data to benefit the attacker

Confidentiality

Availability

Integrity

Accessibility