i) Risk Avoidance
Risk Avoidance is the practice of removing the vulnerable aspect of the system or even the system itself altogether. For instance, during a risk assessment, a website was uncovered that let vendors view their invoices, using a vendor ID embedded in the HTML file name as the identification and no authentication or authorization per vendor was in place. When notified about the web pages and the risk to the organization, management decided to remove the web pages and provided vendor invoices via another mechanism. In this case, the risk was avoided by removing the vulnerable web pages.
ii) Risk Transference
Risk Transference is the process of allowing another party to accept the risk on your behalf. This is not widely done for IT systems, but everyone does it all the time in their personal lives. Car, health and life insurance are all ways to transfer risk. In these cases, risk is transferred from the individual to a pool of insurance holders, including the insurance company. Note that this does not decrease the likelihood or fix any flaws, but it does reduce the overall impact (primarily financial burden) on the organization or an individual.
iii) Risk Mitigation
Risk Mitigation is the most commonly considered risk management strategy. Mitigation involves fixing the flaw or providing some type of compensatory control to reduce the likelihood or impact associated with the flaw. A common mitigation for a technical security flaw is to install a patch provided by the vendor , patching an OS or hardware drivers. Sometimes the process of determining mitigation strategies is called control analysis. Although, installing a firewall on a computer can reduce the risk of being attacked. But the firewall could be wrongly configured and opening up new vulnerabilities which then could be exploited. Or the firewall – although correctly installed and configured – could not be running and therefore not protecting our asset at all.
Therefore, it is important to always be aware that reducing risk does not mean that it has to go away.
Furthermore, it is also important to always be aware that installing safeguards can open new vulnerabilities or not protect from the vulnerability in the first hand, in the case of misconfigured
NAC ad firewall
.
iv) Risk Acceptance
Risk Acceptance is the practice of simply allowing the system to operate with a known risk. Many low risks are simply accepted. Risks that have an extremely high cost to mitigate are also often accepted.
Beware of high risks being accepted by the management. Ensure that this strategy is in writing and accepted by the manager(s) making the decision. Often risks are accepted that should not have been accepted, and then when the penetration (compromise) occurs, the IT security personnel are held responsible. Typically, business managers, not IT security personnel, are the ones authorized to accept risk on behalf of an organization.
v) Residual Risk
When managing risk, your main goal is to remove or lower risk. Residual risk is the risk which could not be removed (or which was accepted). It is important to stress again that having residual risk is nothing bad but actually the basis of the risk management process. It is normally too cost intensive to minimize every single risk and there is no need to mitigate risk which does not hurt a company.
Managing the residual risk is what the whole risk management process is about: Deciding on which risk to take, which to remove and, finally what to do with the residual risk. However, it is very much crucial that when talking about residual risk, it is important to write down when and how the residual risk was accepted – and to have the board signs that piece of paper so that there exist some evidence when something bad happens in the future.
lydiajane74 answered the question on May 13, 2018 at 23:16
- What are the four basic strategies available for controlling risk? (Solved)
What are the four basic strategies available for controlling risk?
Date posted: May 13, 2018. Answers (1)
- State five functions of advertising agencies.(Solved)
State five functions of advertising agencies.
Date posted: May 12, 2018. Answers (1)
- State four advantages and five disadvantages of newspapers as a tool for advertisement(Solved)
State four advantages and five disadvantages of newspapers as a tool for advertisement
Date posted: May 12, 2018. Answers (1)
- State five advantages and five disadvantages of personal selling in product promotion.(Solved)
State five advantages and five disadvantages of personal selling in product promotion.
Date posted: May 12, 2018. Answers (1)
- State four advantages and four disadvantages of free gifts in product promotion.(Solved)
State four advantages and four disadvantages of free gifts in product promotion.
Date posted: May 12, 2018. Answers (1)
- State four merits and four demerits of showrooms as a method of product promotion.(Solved)
State four merits and four demerits of showrooms as a method of product promotion.
Date posted: May 12, 2018. Answers (1)
- Outline five methods of personal selling in product promotion.(Solved)
Outline five methods of personal selling in product promotion.
Date posted: May 12, 2018. Answers (1)
- What are some of the advantages of using journal?(Solved)
What are some of the advantages of using journal?
Date posted: May 9, 2018. Answers (1)
- Briefly outline constraints in air transit(Solved)
Briefly outline Constraints in Air Transit.
Date posted: May 9, 2018. Answers (1)
- What are the advantages of air freight?(Solved)
What are the advantages of air freight?
Date posted: May 9, 2018. Answers (1)
- Outline some of the common problems of international marketing (Solved)
Outline some of the common problems of international marketing
Date posted: May 9, 2018. Answers (1)
- Give Reasons why long term loans are difficult to raise on Kenya’s financial markets/ limitations of using long-term debts(Solved)
Give Reasons why long term loans are difficult to raise on Kenya’s financial markets/ limitations of using long-term debts.
Date posted: May 9, 2018. Answers (1)
- Outline circumstances under which a company should use short-term debt finance(Solved)
Outline circumstances under which a company should use short-term debt finance.
Date posted: May 9, 2018. Answers (1)
- What the advantages of using debt financing(Solved)
What the advantages of using debt financing.
Date posted: May 9, 2018. Answers (1)
- Give limitations of debt finance/disadvantages of using debt finance to the company(Solved)
Give limitations of debt finance/disadvantages of using debt finance to the company.
Date posted: May 9, 2018. Answers (1)
- Outline requirements a company must meet before raising debt finance(Solved)
Outline requirements a company must meet before raising debt finance.
Date posted: May 9, 2018. Answers (1)
- What are the disadvantages of using retained earnings as a source of finance to the company?(Solved)
What are the disadvantages of using retained earnings as a source of finance to the company?
Date posted: May 9, 2018. Answers (1)
- What are the advantages of using retained earnings as a source of finance to the company?(Solved)
What are the advantages of using retained earnings as a source of finance to the company?
Date posted: May 9, 2018. Answers (1)
- Explain why SACCOS are popular among employees(Solved)
Explain why SACCOS are popular among employees.
Date posted: May 9, 2018. Answers (1)
- What are the requirements for the registration of a business name?(Solved)
What are the requirements for the registration of a business name?
Date posted: May 9, 2018. Answers (1)