Chapter 1

Managing Risk

  • As an administrator, you are responsible

  • You must enable data to exist

  • You must protect it, authenticate it, secure it, and keep it in the form that complies with every applicable law, policy, and regulation.

  • Data can be accidentally deleted, overwritten, stolen, and lost.

  • Potential harms represent risks

  • Data can be corrupted, it can be accessed by those who shouldnā€™t see it, values can be changed

If the cost of preventing a particular risk from becoming a reality exceeds the value of the harm that could occur, then a cost-benefit risk calculation dictates that the risk should stand

  • Risk calculations weigh a potential threat against the likelihood or probability of it occurring.

  • Residual risk - fact that some risks will and must remain

Last updated