One of the early epiphanies for any risk manager is realizing that totally eliminating risk is frankly not worth it. The truth is that eliminating risk, if it is even possible, would usually be so resource intensive that it yields a Pyrrhic victory at best. That is why they don’t call it risk elimination but risk management.
Balancing risk against business need and the cost of mitigation effort is the key to risk management. What is the exposure? What will it take to eliminate that exposure? It follows, then, that handling risk in the most efficient manner possible allows you to lower your risk level while expending the least amount of resources. Efficiency is a prime consideration in risk management.
That is one of the best and most useful features in FireMon’s new Risk Analyzer product. Once RA has examined the network configuration and vulnerability data, it can tell you how much risk mitigation any single action or combination of actions on your part will deliver. For instance, it can show you that patching one vulnerability could eliminate a specific number of potential exposures. At the same time, it could show you that fixing another vulnerability, or even fixing multiple vulnerabilities, really doesn’t buy you much in terms of reducing risk.
Getting the biggest bang for the risk reduction buck is a vital piece of risk management. Intelligent analysis of multiple risks and remediation options is just one of the great features that Risk Analyzer will bring to your organization. We will be highlighting more great Risk Analyzer features in upcoming blogs.