Managing risk

Applies To: Forefront Client Security

Risk management involves engaging in a broad range of activities to identify, control, and mitigate risks. IT planners should use risk management to identify vulnerabilities so that appropriate controls can be put in place to either prevent disasters from happening or to limit the effects of a disaster.

A risk assessment for your Client Security deployment should identify system vulnerabilities, threat, and current controls and attempt to determine the risk based on the likelihood and the impact of a threat.

When assessing risk for your disaster recovery strategy, consider the following:

  • Cost

  • Allowable outage time

  • Security

  • Integration with larger, organization-level contingency plans

When planning a highly available Client Security environment, consider all available alternatives and measure the risk of failure for each alternative. Evaluate the costs of each alternative against its risk factors and the impact of downtime to your organization.

After you evaluate risks versus costs, and after you design and deploy your system, your IT staff will require guidelines and plans of action in case a system failure occurs.