Risk control strategies-, Computer Network Security

Risk Control Strategies

Once the ranked vulnerability risk worksheet has created, they should choose one of following 4 strategies to control each risk:
•Apply safeguards which eliminates/ reduce the remaining uncontrolled risks for the vulnerability.
•Transfer risk to other areas /to outside entities.
•Reduce impact should the vulnerability be exploited.
•Understand consequences and accept risk (acceptance) without control/mitigation.

Avoidance
•Attempts to avoid exploitation of vulnerability
•Preferred approach; accomplished through countering threats, restricting asset access, removing asset vulnerabilities, and adding protective safeguards
•Three basic methods of risk avoidance:
-Application of policy
-Training and education
- Applying technology

Transference

•Control approach which attempts to shift risk to other assets, or organizations
•If lacking, organization should hire individuals/firms which provide security management and administration expertise
•Organization may then transfer risk related with management of complex systems to another organization experienced in dealing with the risks.

Mitigation


•Attempts to reduce the impact of vulnerability exploitation through planning and preparation

•Approach includes 3 types of plans:
-Incident response plan (IRP)
-Disaster recovery plan (DRP)
-Business continuity plan (BCP)’

Acceptance

•Not doing anything to protect vulnerability and accepting outcome of its exploitation
•Valid when the particular function, information, or asset doesn’t justify cost of protection
•Risk appetite describes the degree to which the organization is willing to allow risk as trade off to the expense for applying the controls.

Posted Date: 10/9/2012 2:14:54 AM | Location : United States







Related Discussions:- Risk control strategies-, Assignment Help, Ask Question on Risk control strategies-, Get Answer, Expert's Help, Risk control strategies- Discussions

Write discussion on Risk control strategies-
Your posts are moderated
Related Questions
project on ensuring data securities on cloud computing

Routers They transfer packets among multiple interconnected network machines (i.e. LANs of different kind). They perform in the data link, physical and network layers. They ha

What is information Information comprises the meanings and interpretations which people place upon the facts, or data. The value of information springs from the ways it can be i

IPV6 DATAGRAM FORMAT It is given in the figure below:

Q. Analysis of the Problem of cyber attack? According to the case, The EZ Company is a prominent organization specialized in information integration and visualization technolog

You are an IT Security administrator in a banking organization. Your organization hired an outside IT firm to do a proof of Concept for new equipment which is a computer based syst


CarALouer provides rental of cars to its customer on a regional basis i.e. a car is attached to a regional home-base which also houses a regional office of the company. Each regi

Question: (a) Which type of attacker represents the most likely and most damaging risk to your network? (b) What is the basic reason that social engineering attacks succeed?

In 10 or more pages, address the following topics (be sure to use diagrams as well as references). 1) Define broadband and baseband transmission technology. 2) Describe broadban