Chapter 1

Managing Risk

  • As an administrator, you are responsible

  • You must enable data to exist

  • You must protect it, authenticate it, secure it, and keep it in the form that complies with every applicable law, policy, and regulation.

  • Data can be accidentally deleted, overwritten, stolen, and lost.

  • Potential harms represent risks

  • Data can be corrupted, it can be accessed by those who shouldn’t see it, and its values can be changed.

If the cost of preventing a particular risk from becoming a reality exceeds the value of the harm that could occur, then a cost-benefit risk calculation dictates that the risk should stand.

  • Risk calculations weigh a potential threat against the likelihood or probability of it occurring.

  • Residual risk: the fact that some risks will and must remain.
