Question

In: Computer Science

List and describe the five selecting control strategies for controlling risk. (30 marks)


Solutions

Expert Solution

List and describe the five selecting control strategies for controlling risk.

Risk management is the process of identifying vulnerabilities in an organization’s information systems and taking carefully reasoned steps to assure the confidentiality, integrity, and availability of all the components in the organization’s information systems. The primary deliverable from risk assessment was a list of documented vulnerabilities, ranked by criticality of impact. When risks from information security threats are creating a competitive disadvantage, the information technology and information security communities of interest control the risks.

An organization must choose from four basic strategies to control risks: risk avoidance, risk transference, risk mitigation and risk acceptance. These four basic strategies are explained in detail below.

Risk avoidance is applying safeguards that eliminate or reduce the remaining uncontrolled risks for the vulnerability. Risk avoidance can be achieved through training and education, and through implementing technical security controls and safeguards. It can also be achieved through the use of policies. Risk avoidance identifies as many threats or vulnerabilities as possible and implements strategies to mitigate those threats, reducing the impact of an attack.

Risk transference is shifting the risk to other areas or to outside entities. The overall goal is to allow someone else to accept the risk. When looking at ways to transfer risk, I would evaluate things such as services. Many services can be outsourced, such as application services and IT services. An outside organization may be able to offer experience in certain areas to your organization that you simply cannot fill. Hiring an outside organization is transferring the risk to them for that development.

Risk mitigation is reducing the impact should the vulnerability be exploited. With risk mitigation, the expectation is that it is not a matter of if something happens, it is a matter of when. And when something does happen, you want to have policies and procedures in place to mitigate that. These risk mitigation strategies include disaster recovery plans, incident response plans and business continuity plans.

Risk acceptance is understanding the consequences and accepting the risk without control or mitigation. There will always be risk. It is impossible to eliminate risk, so there needs to be analysis of these things. This is achieved by determining the level of risk to the information. You also have to evaluate the probability of an attack versus the likelihood that that vulnerability will be exploited. Another way risk can be analyzed for risk acceptance is through evaluating the controls that are in place and ensuring that there are strong justifications for risk acceptance.

Termination control strategy: Instead of using a safeguard to protect an asset or deploying zero safeguards and accepting the risks to an asset, this strategy removes the asset from the environment with risks. An example of this strategy would be to remove a server from a network because the company has determined that termination of the resource outweighs the benefit of leaving it on the network due to risk concerns.

