We are talking about IT security risk, not financial or other security.

IT Security Risk – How to define it?

Colors (green, yellow, orange, red)? Numbers (1, 2, 3, 4, 5)? Or wording (low, med, high)?



Image from BCM – Business Continuity Management Institute


But whatever we use, it may not be very accurate in our field, as risk is subjective, and my risk may not be the same as your risk.

Or let's define that better than "mine" and "yours".

Single-owner website (revenue less than $200k)

Business (revenue $200k – $500k)

Business (revenue $500k – $750k)

Business (revenue $1mil – $10mil)

Business (revenue $10mil – $100mil)

Enterprise business (revenue higher than $100mil)

To assess risk we can turn to well-established procedures:


From http://www.gao.gov/special.pubs/ai00033.pdf, from 1999 of all years.




Look at your operation and figure out what your most important digital assets are.

Estimating the likelihood of threats is not so easy when your own organization may not be attacked.


You have to look at other organizations that have been breached and make a determination with that data: http://www.privacyrights.org/data-breach

There have been 4603 data breaches made public since 2005, with 868 million records breached.

So do not assume that you will not be breached and that there is negligible risk in your operation: "We have no risk".

The potential losses from your analysis of important digital assets are where the focus of risk should be.


This includes the following:

customer database, employee database, employee health records, employee email.

Remember to assess email servers, as your email is an important aspect of your business. What it costs if your email gets hacked is also a dollar amount that must be figured out.



In the coming days we will attempt to define a subjective risk analysis method.

What about DoS, or Denial of Service? Even if there is a low likelihood of hacking, if your mail server is no longer operational, what does that cost?
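The point that my risk is not your risk can be shown with numbers. The sketch below is an added example, not part of the original post: it multiplies likelihood by potential loss for the assets listed above, then labels the result low/med/high relative to revenue. Every likelihood, dollar loss, cut-off and function name in it is a constructed assumption.

```python
# Added example. Every figure here is constructed for illustration only.

# (asset, assumed likelihood in percent per year, assumed loss in dollars)
ASSETS = [
    ("customer database", 5, 120_000),
    ("employee database", 3, 40_000),
    ("employee health records", 2, 90_000),
    ("employee email breach", 10, 25_000),
    ("mail server outage (DoS)", 20, 15_000),
]

# Assumed cut-offs: expected yearly loss as a share of yearly revenue.
CUTOFFS = [(0.01, "high"), (0.001, "med")]


def expected_loss(percent_per_year, loss):
    """Expected yearly loss in dollars: likelihood times potential loss."""
    return loss * percent_per_year / 100


def label(exposure, revenue):
    """Map a dollar exposure to low/med/high relative to revenue."""
    share = exposure / revenue
    for cutoff, name in CUTOFFS:
        if share >= cutoff:
            return name
    return "low"


def assess(revenue):
    """Return (asset, expected loss, label) rows, largest exposure first."""
    rows = []
    for asset, pct, loss in ASSETS:
        dollars = expected_loss(pct, loss)
        rows.append((asset, dollars, label(dollars, revenue)))
    return sorted(rows, key=lambda row: row[1], reverse=True)


def overall(revenue):
    """Label for the summed exposure across all assets."""
    return label(sum(row[1] for row in assess(revenue)), revenue)


if __name__ == "__main__":
    # One revenue figure from three of the tiers listed in the post.
    for revenue in (150_000, 5_000_000, 150_000_000):
        print(f"revenue ${revenue:,}: overall {overall(revenue)}")
        for asset, dollars, level in assess(revenue):
            print(f"  {asset:26} ${dollars:>8,.0f}  {level}")
```

The same asset list comes out high for the single-owner website, med for the mid-size business and low for the enterprise, even though the dollar exposure is identical in all three.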

By zafirt
