Enterprise-Wide Risk Assessment The best choices made in enterprise-wide risk assessment are ones which admit that no organization can adequately prepare and protect themselves from every risk. Rather, in order to engage in enterprise-wide risk assessment in a lasting and meaningful way, one needs to be able to pinpoint critical assets along with key vulnerabilities. This chapter covers yet another issue in this process, which is the ability to understand the threat environment that one's work or business exists within, so that one can accurately assess the overall risk of the enterprise.

Another solid choice in comprehensive enterprise-wide risk assessment is the issue of anticipating and preventing for insider threats. Too much time, money and energy is spent on protecting data from external threats, when there are already significant security issues presented from the inside to one's network or systems. Security awareness training is one solid...

For instance, a red flag of an internal threat would be if an employee makes a large download near the time of their resignation. All team members need to know the importance of being aware of such aberrant behavior and understand that they have a shared duty in reporting it.
Enterprise-wide risk assessment, when done properly, helps to prevent one from too easily overlooking the fact that trusted business partners and other such contractors still have access to one's information and information networks. While these people are trusted, one absolutely should not overlook the fact that they do have the ability to attack and thus, might attack at some point in the future.

Behavioral Precursors

One aspect of…