Risk control strategies-risk management, Computer Network Security

Risk Control Strategies

Once the ranked vulnerability risk worksheet has created, they should choose one of following 4 strategies to control each risk:
•    Apply safeguards which eliminates/ reduce the remaining uncontrolled risks for the vulnerability.
•    Transfer risk to other areas /to outside entities.
•    Reduce impact should the vulnerability be exploited.
•    Understand consequences and accept risk (acceptance) without control/mitigation.

Avoidance
•    Attempts to avoid exploitation of vulnerability
•    Preferred approach; accomplished through countering threats, restricting asset access, removing asset vulnerabilities, and adding protective safeguards
•    Three basic methods of risk avoidance:
1 Application of policy
2 Training and education
3 Applying technology

Transference
•    Control approach which attempts to shift risk to other assets, or organizations
•    If lacking, organization should hire individuals/firms which provide security management and administration expertise
•    Organization may then transfer risk related with management of complex systems to another organization experienced in dealing with the risks.

Mitigation

•    Attempts to reduce the impact of vulnerability exploitation through planning and preparation

•    Approach includes 3 types of plans:

1 Incident response plan (IRP)

2 Disaster recovery plan (DRP)

3 Business continuity plan (BCP)’

Acceptance

•    Not doing anything to protect vulnerability and accepting outcome of its exploitation
•    Valid when the particular function, information, or asset doesn’t justify cost of protection
•    Risk appetite describes the degree to which the organization is willing to allow risk as trade off to the expense for applying the controls.

Posted Date: 10/8/2012 6:44:24 AM | Location : United States







Related Discussions:- Risk control strategies-risk management, Assignment Help, Ask Question on Risk control strategies-risk management, Get Answer, Expert's Help, Risk control strategies-risk management Discussions

Write discussion on Risk control strategies-risk management
Your posts are moderated
Related Questions
Explain how can we achieved privacy in an e-mail system.  The full form of PEM is Privacy Enhanced Mail: PEM  is  the  internet  Privacy  Enhanced  Mail  standard  adopted

ASSET IDENTIFICATION AND VALUATION This process begins with identification of assets that includes all elements of an organization’s system (people, procedures, data and informa



Sometimes the special character may see in data and as a part of data they will be misinterpreted as packet data. The solution to this cause is Byte stuffing.   In general to

(a) Describe RSA encryption. (b) For an RSA encryption the values of the primes are: p=29, q=31. select e=11, evaluate the public and private keys. (c) How can RSA be used fo

i want to detec and classify network anomaly detection based on KDD99 data set using swarm intelligence

Question : (a) There are two approaches for providing confidentiality for packets in a network using symmetric encryption: End-to-End Encryption and Link Encryption. State wh

(a) Describe DES encryption with a block diagram and brief steps. (b) How does triple DES improve security. What is the effective key length of triple DES? How can 3DES be compa

Who are the individuals who cause these security problems? Many unauthorized people who cause network security problems for obtaining information about the other users and causi