Risk control strategies-risk management, Computer Network Security

Risk Control Strategies

Once the ranked vulnerability risk worksheet has been created, the organization should choose one of the following 4 strategies to control each risk:
•    Apply safeguards that eliminate or reduce the remaining uncontrolled risks for the vulnerability (avoidance).
•    Transfer the risk to other areas or to outside entities (transference).
•    Reduce the impact should the vulnerability be exploited (mitigation).
•    Understand the consequences and accept the risk without control or mitigation (acceptance).

Avoidance
•    Attempts to avoid exploitation of the vulnerability
•    Preferred approach; accomplished by countering threats, restricting asset access, removing asset vulnerabilities, and adding protective safeguards
•    Three basic methods of risk avoidance:
1. Application of policy
2. Training and education
3. Applying technology

Transference
•    Control approach that attempts to shift risk to other assets or organizations
•    If the organization lacks security management and administration expertise, it should hire individuals or firms that provide it
•    The organization may then transfer the risk associated with managing complex systems to another organization experienced in dealing with those risks.

Mitigation

•    Attempts to reduce the impact of vulnerability exploitation through planning and preparation
•    Approach includes 3 types of plans:
1. Incident response plan (IRP)
2. Disaster recovery plan (DRP)
3. Business continuity plan (BCP)

Acceptance

•    Doing nothing to protect a vulnerability and accepting the outcome of its exploitation
•    Valid when the particular function, information, or asset doesn't justify the cost of protection
•    Risk appetite describes the degree to which the organization is willing to accept risk as a trade-off against the expense of applying controls.

Posted Date: 10/8/2012 6:44:24 AM | Location : United States