Valuation at Risk {VaR}

What is the Valuation of the Assets at Risk?

The Valuation is the estimated value to the organisation of the Asset that is at Risk, sometimes referred to as the Valuation at Risk (VaR).

For example, it could be as simple as a single server that contains your organisational website. While you might not be concerned if an external party accesses the data (after all, a website makes the data available to Internet users), you would be concerned if these Internet users were to compromise the data and change it to something that brings the company into disrepute.

The valuation in this instance would be the damage caused to your organisational brand if your website was defaced by a nefarious party, and the loss of confidence your customers would have in dealing with you in the future. If the website contained customer data, there might also be fines from local or central governments, such as the Information Commissioner's Office (ICO) in the UK, or from business partners that require you to protect certain customer data, such as under the Payment Card Industry Data Security Standard (PCI DSS) for organisations that take payment via credit cards.

By calculating the total Value of that asset to your organisation, you now know what is at Risk: your VaR, or Valuation at Risk.

If you were not to put in any countermeasures to mitigate even the basic Risk of compromise, and you were to assume that you were a target because your server is on the Internet, your calculated Risk at this stage would be the following:

RISK = Valuation {VaR}

So in our example, if our Assets had a Valuation of $10,000,000, our Risk, with no IT Controls in place to protect the assets, would be:

RISK = $10,000,000 {VaR}

That is to say, your Risk is equal to the Valuation of the Asset.

