Information security community of interest usually


Information security community of interest usually takes the lead in information security risk management.

4. In risk management strategies, why must periodic review be a part of the process?

Periodic review must be part of risk management strategies because risks from security threats create competitive disadvantage for organizations. Devising and implementing safeguards and controls is a constant process; they are not install-and-forget devices.

5. Why do networking components need more examination from an information security perspective than from a systems development perspective?

Network components tend to be the focal point of attacks, and therefore should be examined more thoroughly from the security perspective. In addition, networking components need more examination from an information security perspective because most components must be configured differently or modified from the state that they are in when shipped to the company.

10. What are vulnerabilities? How do you identify them?

Vulnerabilities are specific avenues that threat agents can exploit to attack an information asset. They are identified by analysing all components of an information system and evaluating the risk to each component.

12. What are the four strategies for controlling risk?

   1. Apply safeguards that eliminate or reduce the remaining uncontrolled risk for the vulnerability (avoidance).
   2. Transfer the risk to other areas or to outside entities (transference).
   3. Reduce the impact should the vulnerability be exploited (mitigation), and
   4. Understand the consequences and accept the risk without control or mitigation (acceptance).

13. Describe risk avoidance. Name three common methods of risk avoidance.

Risk avoidance is the risk control strategy that attempts to prevent the exploitation of the vulnerability. There are three common methods of risk avoidance:

   1. Avoidance through application of policy.
   2. Avoidance through application of training and education.
   3. Avoidance through application of technology.

14. Describe risk transference. Describe how outsourcing can be used for risk transference.

Transference is the control approach that attempts to shift risk to other assets, other processes, or other organizations. This goal may be accomplished by rethinking how services are offered, revising deployment models, outsourcing to other organizations, purchasing insurance, or implementing service contracts with providers. Outsourcing, however, is not without its own risks. It is up to the owner of the information asset, IT management, and the information security team to ensure that the disaster recovery requirements of the outsourcing contract are sufficient and have been met before they are needed for recovery efforts. If the outsourcer has failed to meet the contract terms, the consequences may be far worse than expected.