Risk control strategies-, Computer Network Security

Risk Control Strategies

Once the ranked vulnerability risk worksheet has created, they should choose one of following 4 strategies to control each risk:
•Apply safeguards which eliminates/ reduce the remaining uncontrolled risks for the vulnerability.
•Transfer risk to other areas /to outside entities.
•Reduce impact should the vulnerability be exploited.
•Understand consequences and accept risk (acceptance) without control/mitigation.

Avoidance
•Attempts to avoid exploitation of vulnerability
•Preferred approach; accomplished through countering threats, restricting asset access, removing asset vulnerabilities, and adding protective safeguards
•Three basic methods of risk avoidance:
-Application of policy
-Training and education
- Applying technology

Transference

•Control approach which attempts to shift risk to other assets, or organizations
•If lacking, organization should hire individuals/firms which provide security management and administration expertise
•Organization may then transfer risk related with management of complex systems to another organization experienced in dealing with the risks.

Mitigation


•Attempts to reduce the impact of vulnerability exploitation through planning and preparation

•Approach includes 3 types of plans:
-Incident response plan (IRP)
-Disaster recovery plan (DRP)
-Business continuity plan (BCP)’

Acceptance

•Not doing anything to protect vulnerability and accepting outcome of its exploitation
•Valid when the particular function, information, or asset doesn’t justify cost of protection
•Risk appetite describes the degree to which the organization is willing to allow risk as trade off to the expense for applying the controls.

Posted Date: 10/9/2012 2:14:54 AM | Location : United States







Related Discussions:- Risk control strategies-, Assignment Help, Ask Question on Risk control strategies-, Get Answer, Expert's Help, Risk control strategies- Discussions

Write discussion on Risk control strategies-
Your posts are moderated
Related Questions
Example : Softbank – theft of consumer data for extortion Softbank of Japan offers broadband Internet services across Japan through 2 subsidiaries – Yahoo! BB and Softbank BB. I

Access Controls Access controls addresses admission of a user into a trusted area of organization. It comprises of a combination of policies & technologies. The ways to control

LOCALITY OF REFERENCE PRINCIPLE:  Principle of "Locality of Reference" use to predict computer interaction patterns. There are two patterns shown as follows: a) Spatial loca

You have been asked to setup a remote temperature sensing system for an electric furnace. The system consists of a sensor unit which feeds an analogue signal to a PCM encoder. The

In broadcast topology there are further two types 1) SATELLITE\RADIO 2) RING TOPOLOGY In a radio or satellite topology every computers are connected to each other via radio o

ASSET IDENTIFICATION AND VALUATION This process begins with identification of assets that includes all elements of an organization’s system (people, procedures, data and informa

QUESTION: (a) Explain, with the aid of a diagram, a Star topology of a network of your choice. (b) Illustrate on the use of a MAN and give an example of one. (c) Describe

BUSINESS NEEDS Information security performs four main functions for an organization. 1. Protects the ability of organization to function. 2. Enables safe operation of applicat

Early networks used simple point-to-point communication . In such a method of communication every communication channel connects exactly two devices. In this way it prepares a m

Produce a short report of your experiences in installing and using PGP. The report should be written in the form of a journal that contains at least the following items: A de