What Should I Do?
Assess Risks
Risk assessment is the first step to identify what authentication methods and security measures are required. Risks can be measured by the likelihood and impact of an incident and can be financial, including immediate, direct and consequential damages arising from faulty execution or delay in execution. It may also relate to, among other things, loss of confidentiality or privacy, damages to reputation, or identity theft.
Common categories of impacts are listed out below for reference. Additional impacts to specific service nature or business requirement may further be identified.
- Inconvenience, distress or damage to standing or reputation, of any parties
- Financial loss to any party or induce liability to businesses
- Unauthorised release of personal or commercial data to third party
- Personal safety of any party
- Assistance in the commission of or hindrance to the detection of civil or criminal violations
The degree of impact may vary from none to high. The potential degree of impact can generally be grouped as below:
- No Impact - no measurable impact
- Low Impact - limited and short-term impact
- Moderate Impact - serious short-term, or limited long-term impact
- High Impact - severe, catastrophic, or serious long-term impact
|