The key to determining how to approach your exposure to risk associated with Internet websites ultimately lies with a thorough risk analysis. If your risk analysis proves that certain threats to your Web sites can prove costly to your business, it may make sense to take action to limit your exposure.

But is your site really secure? What are the risks?

Since the Internet is here to stay, the best approach is to conduct a risk analysis of your
information systems, paying particular attention to those associated with your website.
The purpose of this risk analysis will be threefold:

Beyond the obvious benefit of identifying exposure to loss within the organization, a
risk analysis provides long range planning guidance to your company concerning hardware configuration and procurement, software systems, and internal controls. It can
also make valuable contributions to the criteria for contingency and security plans for
the organization.