Risk control strategies-, Computer Network Security

Risk Control Strategies

Once the ranked vulnerability risk worksheet has created, they should choose one of following 4 strategies to control each risk:
•Apply safeguards which eliminates/ reduce the remaining uncontrolled risks for the vulnerability.
•Transfer risk to other areas /to outside entities.
•Reduce impact should the vulnerability be exploited.
•Understand consequences and accept risk (acceptance) without control/mitigation.

Avoidance
•Attempts to avoid exploitation of vulnerability
•Preferred approach; accomplished through countering threats, restricting asset access, removing asset vulnerabilities, and adding protective safeguards
•Three basic methods of risk avoidance:
-Application of policy
-Training and education
- Applying technology

Transference

•Control approach which attempts to shift risk to other assets, or organizations
•If lacking, organization should hire individuals/firms which provide security management and administration expertise
•Organization may then transfer risk related with management of complex systems to another organization experienced in dealing with the risks.

Mitigation


•Attempts to reduce the impact of vulnerability exploitation through planning and preparation

•Approach includes 3 types of plans:
-Incident response plan (IRP)
-Disaster recovery plan (DRP)
-Business continuity plan (BCP)’

Acceptance

•Not doing anything to protect vulnerability and accepting outcome of its exploitation
•Valid when the particular function, information, or asset doesn’t justify cost of protection
•Risk appetite describes the degree to which the organization is willing to allow risk as trade off to the expense for applying the controls.

Posted Date: 10/9/2012 2:14:54 AM | Location : United States







Related Discussions:- Risk control strategies-, Assignment Help, Ask Question on Risk control strategies-, Get Answer, Expert's Help, Risk control strategies- Discussions

Write discussion on Risk control strategies-
Your posts are moderated
Related Questions
Information and Network Security Part 1- Recovery of an encrypted `word' using a forward search attack. Complete and correct summary for part 1. Adequately commented, clea

(a) Show four Network Security attacks. How do they compromise security? (b) In what ways do the following devices or services contribute to security: (i) Firewall (ii) In

Question: Network diagrams combine with a set of systematic analysis procedures, serve to remedy the shortcomings of the Gantt chart. Explain the following terms used in the ne

Problem 1: What does the SNMP access policy show? SNMP community diagram SNMP access policy Problem 2: Does there exist any formal functional specificat

LOG FILE MONITORS Log file monitor (LFM) is similar to NIDS. It reviews log files generated by servers, network devices, and even other IDSs for patterns and signatures. Pattern

IDS Intrusion is a attack on information assets in which instigator attempts to gain entry into or disrupt normal system with harmful intent Incident response is an identificatio

What key which if used to encrypt the ciphertext again would give back the plaintext (i.e. key is a weak key)? Define a formula for identifying weak keys for the cipher below (

Symmetric Encryption This encryption method makes use of same “secret key” to encipher and decipher the message and it is termed as private key encryption. This type of encrypti

Ethernet is a commonly used LAN technology. It was discovered at EXROX PARC(Palo Alto Research Center) in 1970s.Xerox, Intel and Digital described it in a standard so it is also kn

Discuss how developers should apply the following countermeasures to improve the security of their code: