5.2 Risk Management Strategies


7 Terms

1

Transfer

Move the risk under the control of a different party.

  • A very good example of risk transfer would be the purchase of cybersecurity insurance.

2

Accept

This is usually the most common course of action

  • Allows the company to decide what they would like to do with that risk.

3

Accept With Exemption

A case where a particular security policy cannot be followed

  • An organization may have purchased a large piece of equipment used for manufacturing, and that equipment uses the Windows operating system.

  • The manufacturer of that equipment says that they do not support patching or updating the operating system on that device.

  • The monthly Microsoft updates could not be applied, but there is a company policy that says that every device must receive those patches.

4

Accept With Exception

Internal security policies are not applied

  • The organization has decided that every device must be patched within three days of the patch being made public.

  • The company finds that this month’s set of patches causes a critical software package to crash.

  • The company may have an exception that allows them to wait more than three days so they can update their software to work better with these patches.

5

Avoid

Risk has been completely removed from the organization.

  • Stop participating in a high-risk activity; effectively removes the risk

  • Disabling certain system functions or shutting down the system when risks are identified

6

Mitigate

Decrease the risk level; invest in security systems.

  • For example, if we’re concerned about risk coming from the internet, we may want to invest in a next-generation firewall, which removes some of the issues associated with that connectivity.

7

Risk Reporting

Process of documenting and tracking all identified risks within an organization.

  • Includes descriptions of each risk and the strategies for handling them

  • Frequently referenced by upper management to guide business decisions, such as purchases and risk mitigation.

  • A living document, regularly updated to reflect critical and emerging risks.