Risk control strategies-, Computer Network Security

Risk Control Strategies

Once the ranked vulnerability risk worksheet has created, they should choose one of following 4 strategies to control each risk:
•Apply safeguards which eliminates/ reduce the remaining uncontrolled risks for the vulnerability.
•Transfer risk to other areas /to outside entities.
•Reduce impact should the vulnerability be exploited.
•Understand consequences and accept risk (acceptance) without control/mitigation.

Avoidance
•Attempts to avoid exploitation of vulnerability
•Preferred approach; accomplished through countering threats, restricting asset access, removing asset vulnerabilities, and adding protective safeguards
•Three basic methods of risk avoidance:
-Application of policy
-Training and education
- Applying technology

Transference

•Control approach which attempts to shift risk to other assets, or organizations
•If lacking, organization should hire individuals/firms which provide security management and administration expertise
•Organization may then transfer risk related with management of complex systems to another organization experienced in dealing with the risks.

Mitigation


•Attempts to reduce the impact of vulnerability exploitation through planning and preparation

•Approach includes 3 types of plans:
-Incident response plan (IRP)
-Disaster recovery plan (DRP)
-Business continuity plan (BCP)’

Acceptance

•Not doing anything to protect vulnerability and accepting outcome of its exploitation
•Valid when the particular function, information, or asset doesn’t justify cost of protection
•Risk appetite describes the degree to which the organization is willing to allow risk as trade off to the expense for applying the controls.

Posted Date: 10/9/2012 2:14:54 AM | Location : United States







Related Discussions:- Risk control strategies-, Assignment Help, Ask Question on Risk control strategies-, Get Answer, Expert's Help, Risk control strategies- Discussions

Write discussion on Risk control strategies-
Your posts are moderated
Related Questions
ADDRESS RESOLUTION AND PROTOCOL ADDRESSES Address resolution (ARP) is a network interface layer protocol. Protocol addresses are used in all upper layers. Address resolution s

Information asset classification-risk management A number of organizations have data classification schemes (for instance confidential, internal, public data). The classificat


Websphere Administrator: Working as Websphere Administrator in the department called DART (Database Architecture Re-Engineering and Tuning). The major responsibilities are t

802.11 WIRELESS LANs AND CSMA/CA:  IEEE 802.11 is standard wireless LAN that needs radio signals at 2.4GHz. Its speed is 11Mbps. The older computers use radio signals at data

Use the Chinese remainder theorem to evaluate x from the following simultaneous congruences: x ≡ 1 (mod 2); x ≡ 2 (mod 3); x ≡ 3 (mod 5). Calculate gcd(14526, 2568). (

PARITY BIT: A parity bit is an extra bit transmitted with data item select to give the resulting bit odd or even parity. For example an even parity data packet 10100001 has p

Cryptographic algorithms Cryptographic algorithms are broadly classified into two broad categories. They are stated below 1.  Symmetric Encryption and 2.  Asymmetric Encryptio

TCP-RELIABLE TRANSPORT SERVICE INTRODUCTION:  TCP is the major transport protocol architecture in the TCP/IP suite. It uses unreliable datagram function offered by IP whe

Question 1 a) Provide three advantages of using optical fiber. b) Distinguish between "Direct Sequence Modulation" and "Frequency Hopping" c) Decribe the purpose of using "