Every single thing we do in this world has its risks. Waking up has its risks. You may get off of bed and slip on the floor and get hurt, or you could wake up late because you didn't hear your alarm. When we take this concept to computer science, the moment you turn on your computer for the first time, and connect it to the Internet, you are a target and you are taking the risks of going online.
I am a not interesting target, and surely, our knowlegde as computer science engineers make us more difficult targets because we are aware of lots of the problems we have on a daily basis. But an enterprise is a great target to attack. You could control their finances, the information of their employees and clients and God knows what else they could do with all that data. Luckily, someone tought and registered a way to manage this risks: They created frameworks for risk management.
The U.S. (I'm assuming) Government adopted the NIST Framework: It includes 6 basic steps that can be cycled as many times as needed.
- Categorize Information System
- Select Security Controls
- Implement Security Controls
- Access Security Controls
- Authorize Information System
- Monitor Security Controls
In Disney World, I also had to follow some "frameworks". For example, if we saw a bag forgotten on a place, we first have to wait to see if anyone claims it. If not, you have to call security because it could be a bomb or something dangerous. After they decide if it's dangerous or not, they decide if we should keep the bag or if they have to take it. Then they follow some protocols to ensure the safety of all the guests and cast members.
