13 What are vulnerabilities?
Answer: A vulnerability is a weakness in an information system, security practice or control that could be exploited to gain unauthorised access to information or to disrupt information processing. Threats exploit vulnerabilities to carry out an attack of some sort; a vulnerability with no threat that can reach it poses little risk, and a threat with no vulnerability to exploit has no way in.
14 Describe risk avoidance, risk transference, risk mitigation, risk acceptance, and residual risk.
Answer: Risk avoidance attempts to prevent the exploitation of the vulnerability, for example by applying safeguards or by removing the vulnerable asset or function altogether. Risk transference attempts to shift the risk to other assets, other processes, or other organizations. Risk mitigation attempts to reduce, by means of planning and preparation, the damage caused by the exploitation of a vulnerability. Risk acceptance is the choice to do nothing to protect an information asset and to accept the outcome of any resulting exploitation; it is a deliberate, documented decision, not the same as ignoring the risk. Residual risk is the "left-over" risk that is not completely removed, shifted, or planned for once the chosen controls are in place.

15 Describe how outsourcing can be used for risk transference.
Answer: Outsourcing can be used for risk transference when an organization chooses to hire an ISP or a consulting organization to provide products and services for it, such as buying and configuring servers, or supplying webmasters, web system administrators and even specialized security experts. This allows the organization to transfer the risk associated with managing these complex systems to another organization that has experience in dealing with those risks. A benefit of outsourcing is that the provider is responsible for disaster recovery and, through service level agreements, for guaranteeing server and website availability. Note that outsourcing transfers the operational responsibility and some of the financial risk, not the organization's accountability to its customers or regulators for the data involved, so the service level agreement needs to be monitored and enforced rather than assumed.
16 How does a disaster recovery plan differ from a business continuity plan?
Answer: The DRP differs from the BCP because the DRP involves immediate recovery activities while the BCP involves longer-term recovery. Secondly, departments manage the DRP, while owners or their representatives manage the BCP. Thirdly, the DRP is deployed as soon as the incident is labeled a disaster, while the BCP is deployed once it is determined that the disaster affects the continued operations of the organization.

17 What is risk appetite? Explain why risk appetite varies from organization to organization.
Answer: Risk appetite is the amount of risk that organizations are willing to accept as they evaluate the trade-offs between perfect security and unlimited accessibility. Risk appetite varies from organization to organization because of differences in size, budget, organizational culture as well as the difference in value placed on certain ass...
This note was uploaded on 02/15/2010 for the course ITC 594 taught by Professor Peterdalmaris during the Three '10 term at Charles Sturt University.