Risk control strategies-risk management, Computer Network Security

Risk Control Strategies

Once the ranked vulnerability risk worksheet has created, they should choose one of following 4 strategies to control each risk:
•    Apply safeguards which eliminates/ reduce the remaining uncontrolled risks for the vulnerability.
•    Transfer risk to other areas /to outside entities.
•    Reduce impact should the vulnerability be exploited.
•    Understand consequences and accept risk (acceptance) without control/mitigation.

Avoidance
•    Attempts to avoid exploitation of vulnerability
•    Preferred approach; accomplished through countering threats, restricting asset access, removing asset vulnerabilities, and adding protective safeguards
•    Three basic methods of risk avoidance:
1 Application of policy
2 Training and education
3 Applying technology

Transference
•    Control approach which attempts to shift risk to other assets, or organizations
•    If lacking, organization should hire individuals/firms which provide security management and administration expertise
•    Organization may then transfer risk related with management of complex systems to another organization experienced in dealing with the risks.

Mitigation

•    Attempts to reduce the impact of vulnerability exploitation through planning and preparation

•    Approach includes 3 types of plans:

1 Incident response plan (IRP)

2 Disaster recovery plan (DRP)

3 Business continuity plan (BCP)’

Acceptance

•    Not doing anything to protect vulnerability and accepting outcome of its exploitation
•    Valid when the particular function, information, or asset doesn’t justify cost of protection
•    Risk appetite describes the degree to which the organization is willing to allow risk as trade off to the expense for applying the controls.

Posted Date: 10/8/2012 6:44:24 AM | Location : United States







Related Discussions:- Risk control strategies-risk management, Assignment Help, Ask Question on Risk control strategies-risk management, Get Answer, Expert's Help, Risk control strategies-risk management Discussions

Write discussion on Risk control strategies-risk management
Your posts are moderated
Related Questions
Secure Socket Layer (SSL) accepts a combination of asymmetric and symmetric (public-key) encryption to accomplish integrity, confidentiality, authentication and non-repudiation for

Evaluations, Assessment, and Maintenance of Risk Controls When the control strategy has been implemented, it should be monitored and measured on an ongoing basis to determine ef

Question: Suppose the following brief history of WLAN security standards: When the security of WEP was broken, the industry turned to the IEEE to fix it. The IEEE said it could

ADDRESS RESOLUTION WITH MESSAGE EXCHANGE An alternative to local calculation is a distributed function. A computer that requires to find an address transmits a message across

Categories of Controls Controlling risk through mitigation, avoidance or transference is accomplished by implementing controls. There are 4 effective approaches to select the co

Discuss how developers should apply the following countermeasures to improve the security of their code:

ADDRESS RESOLUTION WITH CLOSED-FORM COMPUTATION For networks use reliable addressing, it is possible to select an address that creates closed-form address resolution possible.

Assume that the RSA problem is hard, prove that the RSA encryption is secure against IND- CPA. Provide a game between an adversary A and a simulator (or challenger) B.

Question : (a) What is an IDS and what is the basic problem it faces which can be solved by Artificial Intelligence. (b) Identify and describe briefly an Artificial Intell

#questioAn elliptic curve y^2=x^3+ax+b(mod29) includes points P=(7, 15) and Q=(16, 13) a)Determine the equation of the crve b) Determine all values of x for which there is no point