Risk control strategies-, Computer Network Security

Risk Control Strategies

Once the ranked vulnerability risk worksheet has created, they should choose one of following 4 strategies to control each risk:
•Apply safeguards which eliminates/ reduce the remaining uncontrolled risks for the vulnerability.
•Transfer risk to other areas /to outside entities.
•Reduce impact should the vulnerability be exploited.
•Understand consequences and accept risk (acceptance) without control/mitigation.

Avoidance
•Attempts to avoid exploitation of vulnerability
•Preferred approach; accomplished through countering threats, restricting asset access, removing asset vulnerabilities, and adding protective safeguards
•Three basic methods of risk avoidance:
-Application of policy
-Training and education
- Applying technology

Transference

•Control approach which attempts to shift risk to other assets, or organizations
•If lacking, organization should hire individuals/firms which provide security management and administration expertise
•Organization may then transfer risk related with management of complex systems to another organization experienced in dealing with the risks.

Mitigation


•Attempts to reduce the impact of vulnerability exploitation through planning and preparation

•Approach includes 3 types of plans:
-Incident response plan (IRP)
-Disaster recovery plan (DRP)
-Business continuity plan (BCP)’

Acceptance

•Not doing anything to protect vulnerability and accepting outcome of its exploitation
•Valid when the particular function, information, or asset doesn’t justify cost of protection
•Risk appetite describes the degree to which the organization is willing to allow risk as trade off to the expense for applying the controls.

Posted Date: 10/9/2012 2:14:54 AM | Location : United States







Related Discussions:- Risk control strategies-, Assignment Help, Ask Question on Risk control strategies-, Get Answer, Expert's Help, Risk control strategies- Discussions

Write discussion on Risk control strategies-
Your posts are moderated
Related Questions
Question 1 (a) Explain briefly the following terms as used in network security: (i) Denial of service (DoS) attack (ii) Birthday attack (iii) DeMilitarized Zone

Problem (a) As a forensic investigator, you are needed to trace the source of an email. It is suspected that the email header has been forged. Show how you would proceed to

Question 1 a) Explain how CSMA/CD works. b) Describe the term "exponential back-off". c) Describe the differences between "circuit switching" and "packet switching". d) Th

The first and foremost need of  any business is a role to perform for its client base, and for the spammer this will typically be the role of advertising products which, due to the

Hybrid Cryptography Systems This makes use of different cryptography systems. Except digital certificates, pure asymmetric key encryption is not used extensively. Asymmetric enc

Let me know the details of protocol tcp/ip

Implementing an effective online authentication scheme in practice faces many challenges. Systems with highly sensitive data often require multifactor authentication. But, requirin

Categories of Controls Controlling risk through mitigation, avoidance or transference is accomplished by implementing controls. There are 4 effective approaches to select the co

Advantages and Disadvantage of Packet Filtering firewall   Advantages One screening router can help protect entire network One key advantage of packet filter