7.3. The Challenge of Risk vs. Cost

In evaluating and reporting on IT risk, you must often make important trade-offs. This is particularly true in the area of cost: in some cases, reducing risk below a defined level isn't worth the cost of the mitigation. Let's look at a hypothetical example to understand this common trade-off.

Consider the increased security risk introduced when employees who need to access sensitive data change from working within a corporate office to working remotely (from home, for instance). Within an office, employees may need to swipe a badge to access that office, and then enter a password to access sensitive data—providing "dual authentication." Remote employees would not be swiping badges to enter an office, ...
