It is Isaca’s view that businesses of all shapes and sizes should regularly and consistently perform threat and vulnerability analyses of their critical business processes, core and sensitive data assets, and associated information infrastructure to help them evaluate and manage risks associated with them.  
Destructive attacks tend to be more obvious and serve to promote a position of the attacking party rather than attempt to gain access to or exploit data. 

This does not make them any less dangerous –and given recent events, their likelihood of occurrence should be considered fairly reasonable.  
To counteract these attacks, organisations should have consistent, mature and regularly exercised security monitoring capabilities and incident response plans that use the input from the threat and vulnerability analysis to identify attack behaviour as early as possible, and then effectively respond to them if they are successful.
Early warning and effective preparation can help to minimise the impact of attacks.  

From a business continuity perspective, organisations should also consider options of replicating key data assets and capabilities on systems that are not mirrors of each other and, in fact, operate on completely different operating systems, applications, networks, and storage solutions. 
This will reduce the ability for the attack to affect all of an organisation’s data and computing assets with the same attack methods and capabilities. 
John Pironti is a risk advisor at Isaca and president of IP Architects

Email Alerts
Register now to receive IT-related news, guides and more, delivered to your inbox.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Read More

Related content from


This was first published in January 2015

Leave a Reply