Risk management
Each day, people make decisions to mitigate and prevent various types of risks in their daily lives, workplaces, and organizations. In this context of network security, risk is defined as the likelihood/possibility that a threat actor can cause harm or damage to a system. IT professionals must be able to identify the assets that could be attacked and compromised by cyber-attacks and threats. As you may recall, assets are simply anything that has value to an organization and are usually tangible, intangible, and people (employees). By identifying the assets, security professionals will get a better idea of what needs to be safeguarded from potential threats.
Furthermore, IT professionals need to identify the various types of threats and threat actors and how they can potentially compromise the assets of the organization. A hacker will commonly perform reconnaissance to collect a lot of information about their target before launching an attack. The information that...
