
Sources of risk

Paul-Emmanuel Bidault
27 December 2023·2 minutes read time

ISO 27005 defines risk as "potential that a given threat will exploit vulnerabilities of an asset or group of assets and thereby cause harm to the organization." ISO 31000 states that risk is the "effect of uncertainty on objectives."

A source of risk can be a person, internal or external to the organisation, acting accidentally or deliberately (e.g. IT administrator, user, external attacker, competitor), or a non-human source (e.g. water, dangerous materials, non-targeted computer virus).

Risk sources can be of different kinds:

Internal human source

This could be:

  • an employee acting maliciously, using his or her proximity to the system, skills, privileges and potentially high time availability, or acting negligently due to a possible lack of training and awareness.
  • a careless or ill-intentioned user or those around them who have access to the service.

There may be many reasons for this: clumsiness, error, negligence, revenge, a desire to alert, malice, greed, espionage, etc.

External human source

This may be:

  • a malicious or ignorant third party using their physical proximity to fraudulently access the service.
  • an attacker targeting a user by using their knowledge of the user and some of the information concerning that user.
  • an attacker targeting one of the companies in charge of data processing, using their knowledge of the companies to damage their image.
  • an authorised third party using its privileged access to illegitimately access information.

The motives can be multiple: gambling, nuisance, malice, revenge, espionage, greed, acquisition of data with a view to exploiting it, etc.

Non-human source

This could be an incident or disaster at one of the organisations in charge of processing (power cut, fire, flood, etc.).
