Tuesday, March 6, 2007

Risk Options

Old, but still relevant.
Wisdom consists in being able to distinguish among dangers and make a choice of the least harmful.
— Niccolo Machiavelli, The Prince
Value vs. Cost

This is still one of the hardest aspects of security today. What are your different assets worth and how much will you spend on protecting them? The difficulty raises when intangible assets are involved. How much is a customer list worth? What about credit card information?

For a corporation a $2,000 laptop is not a major asset, but when customer data resides on the laptop the value of the asset just increased. Now spending $1,000 on the laptop's security (Physical lock down cable, encryption, phone home software, etc.) may be an acceptable cost.

On the other had when is risk transfer the best solution?

Consider the owners of rare gems and artwork. I bet every single one has an insurance policy that covers theft and destruction. While the owner would rather keep the object some or all the financial risk is transfered to the insurance company.

No comments: