ABSTRACT
The list below is not exhaustive or complete, but merely intended as a guide only. Not all of these risks are applicable to every business, and some businesses may have other risks that are not listed here. If the business you are reviewing is an international business, you will have many risks to consider that a domestic business will not. You should be able to tell from this list that you are not just looking to find out the security types of risks, you want to be sure you are aware of all of their risks because there are many times that business risks will have an impact on security operations. The following is a list of risks a given business can potentially face:
Fraud• Lack of accurate and timely intelligence• Corruption• Economic espionage• Theft• Patent and trademark infringement• Foreign travel• Gray market and counterfeit products• Organized crime• Political instability• Business disputes and litigation•
Legislative requirements• Terrorism and sabotage• Kidnapping• Extortion• Unsecured data and communications• Workplace violence• Workplace suicide• Sexual harassment and discrimination claims• Acts of nature•
The purpose of defining risks is so that you can determine the appropriate actions to “manage the risks.” For each risk that is identified you will need to assist the client to make a decision to do one of the following:
Risk assumption. Accepting the potential risk and continuing to • operate as is. You should always ask the question, “Who has the authority to accept risks for the company?” Risk avoidance. Avoid the risk by eliminating the cause.• Risk limitation. Implementing increased controls to reduce or • limit the risk.
