Describe the defense strategy for controlling risk. List and describe the three common methods of implementing it.

Risk control strategies are the defensive measures used by IT and information security teams to limit vulnerabilities and keep risk at an acceptable level. A strategy can be applied on its own or in combination with others. A risk assessment, which identifies the threats and vulnerabilities that could affect the organization's resources and assets, is the starting point for choosing a strategy. Risk management is also part of a risk control strategy: Nelson et al. (2015) state that "risk management involves determining how much risk is acceptable for any process or operation, such as replacing equipment".[1]

Examples of threats:
Social Engineering
Theft
Vandalism
Forces of nature
Human error
Software errors
Hardware errors

Strategies

Whitman and Mattord describe five basic strategies for controlling the risks that arise from vulnerabilities:[2]

  1. Defense - Applying safeguards that eliminate or reduce the remaining uncontrolled risk
  2. Transference - Shifting risk to other areas or to outside entities
  3. Mitigation - Reducing the impact on information assets should an attacker successfully exploit a vulnerability
  4. Acceptance - Understanding the consequences of leaving a risk uncontrolled and formally acknowledging the risk that remains, without attempting to control it
  5. Termination - Removing or discontinuing the information asset from the organization's operating environment

Defense

The defense strategy attempts to prevent exploitation of the vulnerability that requires protection. It is the preferred approach and is carried out by countering threats, removing vulnerabilities from assets, limiting access to assets, and adding protective safeguards; the three common ways to implement it are the application of policy, the application of training and education, and the implementation of technology. Defensive measures can be physical, logical, or a combination of both. Applying multiple layers of such measures is called defense in depth; in the access-control context, Stewart et al. (2012) describe it as a design in which "multiple layers or levels of access controls are deployed to provide layered security".[3]

Transference

According to Stallings and Brown, this strategy is the "sharing of responsibility for the risk with a third party. This is typically achieved by taking out insurance against the risk occurring, by entering into a contract with another organization, or by using partnership or joint venture structures to share the risk and cost should the threat eventuate."[4] Purchasing insurance is the most common example of risk transference. Insurance shifts the financial loss of an incident; the obligation to protect the asset stays with the organization.

Mitigation

The mitigation strategy attempts to reduce the damage caused by a successful attack rather than prevent the attack itself. According to Hill (2009), "this can be done by fixing a flaw that creates an exposure to risk or by putting compensatory controls in place that either reduce the likelihood of the weakness actually causing damage or reduce the impact if the risk that is associated with the flaw actually materialized."[5] Incident response, disaster recovery, and business continuity planning are typical mitigation measures.

Acceptance

This strategy accepts the identified risk as it stands and deploys no safeguard. It is justified when the cost of the safeguards would exceed the expected loss from a successful attack or compromise. Acceptance should be a documented decision taken with full knowledge of the consequences, not the default that results from doing nothing.

Termination

Rather than protecting an asset with a safeguard, or deploying no safeguard and accepting the risk, this strategy removes the asset from the risky environment. An example would be taking a server off the network because the company has determined that the risk of leaving it connected outweighs the benefit it provides.
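Choosing among the five strategies above usually comes down to comparing the expected loss from a risk with the cost of controlling it. The following is an added worked example, not code from the page or from any of the cited texts: it selects a strategy for one risk using the standard annualized loss expectancy model (ALE = asset value times exposure factor times annual rate of occurrence) and a cost-benefit test (loss avoided minus safeguard cost), neither of which the page spells out. The asset, its figures, the candidate safeguards and the risk appetite are all constructed sample values.

```python
"""Risk treatment selection: added illustration, not from the cited texts.
Assumed model (not on the page): SLE = asset_value * exposure_factor,
ALE = SLE * annual_rate, cost-benefit = ALE_before - ALE_after - safeguard cost.
All figures below are constructed sample numbers."""
from dataclasses import dataclass, replace
from enum import Enum
from typing import Optional, Sequence, Tuple


class Strategy(Enum):
    DEFENSE = "defense"            # prevents exploitation: lowers likelihood
    TRANSFERENCE = "transference"  # shifts the loss to a third party
    MITIGATION = "mitigation"      # limits damage once an attack succeeds
    ACCEPTANCE = "acceptance"      # leave the risk uncontrolled, on record
    TERMINATION = "termination"    # retire the asset from the environment


@dataclass(frozen=True)
class Risk:
    asset: str
    asset_value: float      # loss if the asset is fully compromised
    exposure_factor: float  # fraction of asset_value lost per incident (0..1)
    annual_rate: float      # expected incidents per year (ARO)
    annual_benefit: float   # what keeping the asset in service earns per year


@dataclass(frozen=True)
class Safeguard:
    name: str
    annual_cost: float
    strategy: Strategy                    # which control strategy it implements
    new_rate: Optional[float] = None      # ARO after deployment, if it changes
    new_exposure: Optional[float] = None  # exposure factor after deployment


def ale(value: float, exposure: float, rate: float) -> float:
    """Annualized loss expectancy: loss per incident times incidents per year."""
    return value * exposure * rate


def residual_ale(risk: Risk, sg: Safeguard) -> float:
    """Expected annual loss that remains once sg is in place."""
    rate = risk.annual_rate if sg.new_rate is None else sg.new_rate
    exposure = risk.exposure_factor if sg.new_exposure is None else sg.new_exposure
    return ale(risk.asset_value, exposure, rate)


def cost_benefit(risk: Risk, sg: Safeguard) -> float:
    """Net annual value of sg: loss avoided minus what the safeguard costs."""
    before = ale(risk.asset_value, risk.exposure_factor, risk.annual_rate)
    return before - residual_ale(risk, sg) - sg.annual_cost


def choose_strategy(risk: Risk, candidates: Sequence[Safeguard],
                    risk_appetite: float) -> Tuple[Strategy, Optional[Safeguard], float]:
    """Pick a strategy for one risk. risk_appetite is the largest expected annual
    loss the organization will carry uncontrolled. Returns (strategy, safeguard
    or None, annual cost of the decision = safeguard cost + residual loss)."""
    before = ale(risk.asset_value, risk.exposure_factor, risk.annual_rate)
    # Acceptance: the uncontrolled risk is already within appetite.
    if before <= risk_appetite:
        return Strategy.ACCEPTANCE, None, before
    # Only safeguards that bring residual risk within appetite and pay for
    # themselves qualify. Highest cost-benefit is also lowest total cost.
    viable = [sg for sg in candidates
              if residual_ale(risk, sg) <= risk_appetite and cost_benefit(risk, sg) > 0]
    if viable:
        best = max(viable, key=lambda sg: cost_benefit(risk, sg))
        total = best.annual_cost + residual_ale(risk, best)
        # Termination: even the best control costs more than the asset earns.
        if total > risk.annual_benefit:
            return Strategy.TERMINATION, None, 0.0
        return best.strategy, best, total
    # No viable control: retire the asset if its expected loss exceeds its
    # value to the business, otherwise accept and document the residual risk.
    if before > risk.annual_benefit:
        return Strategy.TERMINATION, None, 0.0
    return Strategy.ACCEPTANCE, None, before


# Constructed scenario: an internet-facing legacy file-transfer server.
FTP_SERVER = Risk(asset="legacy FTP server", asset_value=200_000.0,
                  exposure_factor=0.5, annual_rate=0.4, annual_benefit=60_000.0)
CANDIDATES = [
    Safeguard("patching + WAF", 12_000.0, Strategy.DEFENSE, new_rate=0.05),
    Safeguard("cyber insurance", 10_000.0, Strategy.TRANSFERENCE, new_exposure=0.1),
    Safeguard("segmentation + backups", 5_000.0, Strategy.MITIGATION, new_exposure=0.25),
]


def demo() -> dict:
    """Same risk (ALE 40,000) under three business contexts."""
    return {
        "normal": choose_strategy(FTP_SERVER, CANDIDATES, risk_appetite=10_000.0),
        "low_value": choose_strategy(replace(FTP_SERVER, annual_benefit=15_000.0),
                                     CANDIDATES, risk_appetite=10_000.0),
        "tolerant": choose_strategy(FTP_SERVER, CANDIDATES, risk_appetite=50_000.0),
    }


if __name__ == "__main__":
    for name, (strategy, sg, cost) in demo().items():
        print(f"{name:>9}: {strategy.value:<12} {sg.name if sg else '-':<24} {cost:>10,.0f}")
```

With these sample figures the uncontrolled ALE is 40,000 per year. Against a 10,000 appetite the defense safeguard wins (residual 5,000, net benefit 23,000, total 17,000); the mitigation option is cheaper but leaves 20,000 of residual loss, above appetite. If the server is only worth 15,000 a year to the business, even that best control costs more than the asset earns, so termination is the answer. With a 50,000 appetite the risk is simply accepted.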

References

  1. ^ Nelson, B., Phillips, A., & Steuart, C. (2015). Guide to computer forensics and investigations (5th ed.). Boston, MA: Cengage Learning.
  2. ^ Whitman, M. E., & Mattord, H. J. (2014). Management of information security (4th ed.). Stamford, CT: Cengage Learning.
  3. ^ Stewart, J., Chapple, M., & Gibson, D. (2012). CISSP: Certified Information Systems Security Professional study guide (6th ed.). Indianapolis, IN: Wiley.
  4. ^ Stallings, W., & Brown, L. (2015). Computer security: principles and practice (3rd ed.). Upper Saddle River, NJ: Pearson Education, Inc.
  5. ^ Hill, D. G. (2009). Data protection. Boca Raton, Florida: CRC Press.


What are the strategies for controlling risk?

Many frameworks reduce the five strategies above to four risk treatment options:
Risk acceptance
Risk transference
Risk avoidance
Risk reduction
In that grouping, avoidance (not carrying out the risky activity at all) corresponds to termination, and reduction covers both defense (lowering the likelihood of exploitation) and mitigation (lowering the impact).

What are the three common approaches to implementing the defense risk control strategy?

The three common approaches are the application of policy, the application of training and education, and the implementation of technology.

What is the defense control strategy?

The defense risk control strategy attempts to prevent the exploitation of the vulnerability. This is the preferred approach and is accomplished by means of countering threats, removing vulnerabilities in assets, limiting access to assets, and adding protective safeguards.
