Risk control strategies-, Computer Network Security

Risk Control Strategies

Once the ranked vulnerability risk worksheet has created, they should choose one of following 4 strategies to control each risk:
•Apply safeguards which eliminates/ reduce the remaining uncontrolled risks for the vulnerability.
•Transfer risk to other areas /to outside entities.
•Reduce impact should the vulnerability be exploited.
•Understand consequences and accept risk (acceptance) without control/mitigation.

Avoidance
•Attempts to avoid exploitation of vulnerability
•Preferred approach; accomplished through countering threats, restricting asset access, removing asset vulnerabilities, and adding protective safeguards
•Three basic methods of risk avoidance:
-Application of policy
-Training and education
- Applying technology

Transference

•Control approach which attempts to shift risk to other assets, or organizations
•If lacking, organization should hire individuals/firms which provide security management and administration expertise
•Organization may then transfer risk related with management of complex systems to another organization experienced in dealing with the risks.

Mitigation


•Attempts to reduce the impact of vulnerability exploitation through planning and preparation

•Approach includes 3 types of plans:
-Incident response plan (IRP)
-Disaster recovery plan (DRP)
-Business continuity plan (BCP)’

Acceptance

•Not doing anything to protect vulnerability and accepting outcome of its exploitation
•Valid when the particular function, information, or asset doesn’t justify cost of protection
•Risk appetite describes the degree to which the organization is willing to allow risk as trade off to the expense for applying the controls.

Posted Date: 10/9/2012 2:14:54 AM | Location : United States







Related Discussions:- Risk control strategies-, Assignment Help, Ask Question on Risk control strategies-, Get Answer, Expert's Help, Risk control strategies- Discussions

Write discussion on Risk control strategies-
Your posts are moderated
Related Questions
ACCESS CONTROL DEVICES Successful access control system includes number of components, which depends on system’s requirements for authentication and authorization. Powerful auth

QUESTION (In this question, you will need to use the ISO 27001:2005 and ISO 27002:2005 standards) For each of the situations below, comment on the following: 1. Mention

Question: (a) Which of the following is not a goal of security: i) detection ii) prevention iii) recovery iv) prosecution (b) You are an honest student. One day you

Question (a) Consider that you enter the subsequent URL in the address bar of a popular web client and that both the server and client accepts HTTP version 1.1. i. What can be

INTRODUCTION TO RISK MANAGEMENT Risk management is the procedure of identifying and controlling risks facing an organization. Risk management is the discipline which is employed

Your rules should ensure that Internet access will be restricted to the following: Only the following services will be permitted as OUTBOUND traffic (to the Internet from the DM

Problem: (a) Use a simple example to explain what is meant by a finite state machine. (b) Describe the time limit problem in an interrupt-driven system. (c) A certain m

on LAN,where are IP datagrams transported?

Question: A regional police force has the following corporate objectives: ? to reduce crime and disorder; ? to promote community safety; ? to contribute to delivering just

RING TOPOLOGY In this topology of network the devices are connected to each other in packed loop. In this network first computer passes data packet to the second and then seco