Risk Management

Risk Assessment

Whether part of compliance regulations or not, organizations should consider risks that can cause loss of data and make plans to deal with the risks. Part of keeping SQL Server and its data secure is the ability to retain the data and functionality if one location is destroyed or otherwise compromised.

Organizations can spend a lot of resources attempting to eliminate risks. It is often beneficial to assess the cost and likelihood of each risk in order to prioritize efforts to mitigate the risks.

Risk Costs

Costs related to risks are not simply monetary costs. If something bad happens, it can harm the organization in multiple ways, including:

  • Direct financial loss.
  • Customers could directly lose money if, for example, hackers obtained their financial information from your compromised systems.
  • Reputation. Your company’s reputation could be harmed, which in turn causes a loss of business far into the future.
  • Business continuity. Lost data can cause your business processes to grind to a halt, idling employees and other resources.
  • Fines. Government agencies could charge your business fines for failing to comply with regulations or failing to protect customer information.

Risks

Some of the risks that can lead to losses include:

  • Hardware failure.
  • Physical destruction from fire, floods, tornados, hurricanes, war, or other causes.
  • Data destruction performed intentionally by disgruntled employees.
  • Data destruction performed unintentionally by employees.
  • Theft of physical servers.

Risk Management

Ever since businesses have been using computers, many have implemented programs to manage the risks of data loss. In recent decades, risks from hackers have been added to those plans.

The basic formula of Risk Management is to:

  • Identify the risks.
  • Estimate the costs of the realization of each risk.
  • Look for ways to eliminate the risks.
  • If risks can’t be eliminated, look for ways to mitigate the risks (to reduce the damage caused if the risk occurs).
  • Make plans to recover and become operational again if a risk occurs (Disaster Recovery).