Risk control strategies-, Computer Network Security

Assignment Help:

Risk Control Strategies

Once the ranked vulnerability risk worksheet has created, they should choose one of following 4 strategies to control each risk:
•Apply safeguards which eliminates/ reduce the remaining uncontrolled risks for the vulnerability.
•Transfer risk to other areas /to outside entities.
•Reduce impact should the vulnerability be exploited.
•Understand consequences and accept risk (acceptance) without control/mitigation.

Avoidance
•Attempts to avoid exploitation of vulnerability
•Preferred approach; accomplished through countering threats, restricting asset access, removing asset vulnerabilities, and adding protective safeguards
•Three basic methods of risk avoidance:
-Application of policy
-Training and education
- Applying technology

Transference

•Control approach which attempts to shift risk to other assets, or organizations
•If lacking, organization should hire individuals/firms which provide security management and administration expertise
•Organization may then transfer risk related with management of complex systems to another organization experienced in dealing with the risks.

Mitigation


•Attempts to reduce the impact of vulnerability exploitation through planning and preparation

•Approach includes 3 types of plans:
-Incident response plan (IRP)
-Disaster recovery plan (DRP)
-Business continuity plan (BCP)’

Acceptance

•Not doing anything to protect vulnerability and accepting outcome of its exploitation
•Valid when the particular function, information, or asset doesn’t justify cost of protection
•Risk appetite describes the degree to which the organization is willing to allow risk as trade off to the expense for applying the controls.


Related Discussions:- Risk control strategies-

Token ring, TOKEN RING Many LAN methods that are ring topology need to...

TOKEN RING Many LAN methods that are ring topology need token passing for synchronized access to the ring. The ring itself is acts as a single shared communication phase. Both

Fuckkkkk, Ask question #Minimum.. 100 words accepted#

Ask question #Minimum.. 100 words accepted#

Types of idss and detection methods, Types of IDSs and Detection Methods ...

Types of IDSs and Detection Methods IDSs operate as network based, host based, or application based systems and focused on protecting network information assets. All the IDSs us

Securities Issues in a company, 'Near Field Communication' (NFC) technologi...

'Near Field Communication' (NFC) technologies are expected to become commonplace in the near future. Some relevant features are these: A suitable device (such as a mobile pho

Hybrid cryptography systems-cryptography, Hybrid Cryptography Systems Th...

Hybrid Cryptography Systems This makes use of different cryptography systems. Except digital certificates, pure asymmetric key encryption is not used extensively. Asymmetric enc

Security policies, implementing password policy in organisation

implementing password policy in organisation

Ring topology, RING topology all computers are connected in loop. A ring ...

RING topology all computers are connected in loop. A ring topology is a network topology in which every node connects to exactly two other devices, forming a single continuous pa

Star topology, STAR TOPOLOGY In this topology, all devices are attache...

STAR TOPOLOGY In this topology, all devices are attached to a central point, which is sometimes known as the "Hub" as given in the diagram below.   Figure: An ideal

Explain transposition ciphers and substitution cipher, What do you understa...

What do you understand by cryptanalysis? Discuss about the transposition ciphers substitution cipher, and onetime pads. The messages which are intended to transmit secretly and

Write Your Message!

Captcha
Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd