Ultimately, each organization must
decide how much risk it is willing to bear. It is crucial, however,
that this decision be made on an informed basis. Many organizations
believe their key systems and data to be safe when in fact this
is far from the truth. Organizations that fail to identify and
address critical vulnerabilities often assume levels of risk
that they would not find acceptableif they only knew
about them.
Vulnerability assessments are invaluable tools to help organizations
identify the risks they are facing. Annual or bi-annual assessments
should be part of every security program.
|