Risk control strategies-risk management, Computer Network Security

Risk Control Strategies

Once the ranked vulnerability risk worksheet has created, they should choose one of following 4 strategies to control each risk:
•    Apply safeguards which eliminates/ reduce the remaining uncontrolled risks for the vulnerability.
•    Transfer risk to other areas /to outside entities.
•    Reduce impact should the vulnerability be exploited.
•    Understand consequences and accept risk (acceptance) without control/mitigation.

Avoidance
•    Attempts to avoid exploitation of vulnerability
•    Preferred approach; accomplished through countering threats, restricting asset access, removing asset vulnerabilities, and adding protective safeguards
•    Three basic methods of risk avoidance:
1 Application of policy
2 Training and education
3 Applying technology

Transference
•    Control approach which attempts to shift risk to other assets, or organizations
•    If lacking, organization should hire individuals/firms which provide security management and administration expertise
•    Organization may then transfer risk related with management of complex systems to another organization experienced in dealing with the risks.

Mitigation

•    Attempts to reduce the impact of vulnerability exploitation through planning and preparation

•    Approach includes 3 types of plans:

1 Incident response plan (IRP)

2 Disaster recovery plan (DRP)

3 Business continuity plan (BCP)’

Acceptance

•    Not doing anything to protect vulnerability and accepting outcome of its exploitation
•    Valid when the particular function, information, or asset doesn’t justify cost of protection
•    Risk appetite describes the degree to which the organization is willing to allow risk as trade off to the expense for applying the controls.

Posted Date: 10/8/2012 6:44:24 AM | Location : United States







Related Discussions:- Risk control strategies-risk management, Assignment Help, Ask Question on Risk control strategies-risk management, Get Answer, Expert's Help, Risk control strategies-risk management Discussions

Write discussion on Risk control strategies-risk management
Your posts are moderated
Related Questions
Question: (a) A Wireless Mesh Network (WMN) is a communications network made up of radio nodes organized in a mesh topology. i. Describe the function of a TAP in WMNs. ii.

Question: (a) Data on four variables are stored in a file called file1.dat. The first line of the file is the variable names f, x, y and z. Give the R commands to (i) read t

QUESTION (a) Which PKI (Public Key Infrastructure) model is typically favored by business organization? (b) Give one possible use of the "extensions" field of an X.509 certi

Q. Explain about Security aware protocols? The security-Aware ad hoc Routing (SAR) protocol based on the security attributes integrated into the ad hoc route discovery provides

QUESTION (a) Consider the following authentication options A. Using password B. Using pin and fingerprint Which option A or B provides stronger security and why? (b

Question: a) Explain what you understand by the term brute force attack, giving an example of such an attack b) Briefly outline the concept of Caesar cipher and identify a

Problem 1: a) One of the limitations of file processing systems is data inconsistency. Briefly explain with the help of an example what do you understand by this phrase. b)

Ask You have been asked by a new client to assist in setting up a new computer for her coffee shop. She has just purchased the newest Apple computer from an online site. Should wou

ENCAPSULATION Network interface layer adds IP datagram as data area in hardware frame. Hardware ignores IP datagram message format. Standards for encapsulation defines details

Types of IDSs and Detection Methods IDSs operate as network based, host based, or application based systems and focused on protecting network information assets. All the IDSs us