2 cissp ® Official Study Guide Eighth Edition



Download 19,3 Mb.
Pdf ko'rish
bet89/881
Sana08.04.2023
Hajmi19,3 Mb.
#925879
1   ...   85   86   87   88   89   90   91   92   ...   881
Bog'liq
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

77
Risk Deterrence Risk deterrence
is the process of implementing deterrents to would-be 
violators of security and policy. Some examples include implementation of auditing, secu-
rity cameras, security guards, instructional signage, warning banners, motion detectors
strong authentication, and making it known that the organization is willing to cooperate 
with authorities and prosecute those who participate in cybercrime.
Risk Avoidance Risk avoidance
is the process of selecting alternate options or activities 
that have less associated risk than the default, common, expedient, or cheap option. For 
example, choosing to fly to a destination instead of driving to it is a form of risk avoidance. 
Another example is to locate a business in Arizona instead of Florida to avoid hurricanes.
Risk Rejection
A final but unacceptable possible response to risk is to 
reject risk
or 
ignore 
risk
. Denying that a risk exists and hoping that it will never be realized are not valid or 
prudent due-care responses to risk.
Once countermeasures are implemented, the risk that remains is known as residual risk. 
Residual risk
comprises threats to specific assets against which upper management chooses 
not to implement a safeguard. In other words, residual risk is the risk that management has 
chosen to accept rather than mitigate. In most cases, the presence of residual risk indicates 
that the cost/benefit analysis showed that the available safeguards were not cost-effective 
deterrents.
Total risk
is the amount of risk an organization would face if no safeguards were imple-
mented. A formula for total risk is as follows:
threats * vulnerabilities * asset value = total risk
(Note that the * here does not imply multiplication, but a combination function; this 
is not a true mathematical formula.) The difference between total risk and residual risk is 
known as the controls gap. The controls gap is the amount of risk that is reduced by imple-
menting safeguards. A formula for residual risk is as follows:
total risk – controls gap = residual risk
As with risk management in general, handling risk is not a onetime process. Instead, 
security must be continually maintained and reaffirmed. In fact, repeating the risk assess-
ment and analysis process is a mechanism to assess the completeness and effectiveness of 
the security program over time. Additionally, it helps locate deficiencies and areas where 
change has occurred. Because security changes over time, reassessing on a periodic basis is 
essential to maintaining reasonable security.

Download 19,3 Mb.

Do'stlaringiz bilan baham:
1   ...   85   86   87   88   89   90   91   92   ...   881




Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©hozir.org 2024
ma'muriyatiga murojaat qiling

kiriting | ro'yxatdan o'tish
    Bosh sahifa
юртда тантана
Боғда битган
Бугун юртда
Эшитганлар жилманглар
Эшитмадим деманглар
битган бодомлар
Yangiariq tumani
qitish marakazi
Raqamli texnologiyalar
ilishida muhokamadan
tasdiqqa tavsiya
tavsiya etilgan
iqtisodiyot kafedrasi
steiermarkischen landesregierung
asarlaringizni yuboring
o'zingizning asarlaringizni
Iltimos faqat
faqat o'zingizning
steierm rkischen
landesregierung fachabteilung
rkischen landesregierung
hamshira loyihasi
loyihasi mavsum
faolyatining oqibatlari
asosiy adabiyotlar
fakulteti ahborot
ahborot havfsizligi
havfsizligi kafedrasi
fanidan bo’yicha
fakulteti iqtisodiyot
boshqaruv fakulteti
chiqarishda boshqaruv
ishlab chiqarishda
iqtisodiyot fakultet
multiservis tarmoqlari
fanidan asosiy
Uzbek fanidan
mavzulari potok
asosidagi multiservis
'aliyyil a'ziym
billahil 'aliyyil
illaa billahil
quvvata illaa
falah' deganida
Kompyuter savodxonligi
bo’yicha mustaqil
'alal falah'
Hayya 'alal
'alas soloh
Hayya 'alas
mavsum boyicha


yuklab olish