Founded in 1807, John Wiley & Sons is the oldest independent publishing company in



Date: 23.07.2022
chapelle a operational risk management best practices in the

Behavioral controls
  Awareness and prudence
    Awareness campaign
    Training
    Fake phishing test
  Conduct rules
    Rules of confidentiality
    Code of conduct
    Sanctions rules
  Data governance
    Data transfer rules

Technical controls
  Architecture
    Network partitioning
    Access management
    Firewalls
  Encryption
    Password rules
    Encryption levels and rules
  Vulnerability management (patching)
  Detection
    DLPD
    Log-in monitoring
    Honeypot
    X-ray device screening
  Testing
    Penetration testing
    Password cracking attempt (from IT department)
6 For an excellent discussion on data breaches and DLPD techniques, please read Cheng, L., Liu, F. and Yao, D. (2017) Enterprise Data Breach: Causes, Challenges, Prevention, and Future Directions, Wiley.
7 Centre for Cyber Security, op. cit.


Information Security Risks
governance, discipline and the technical controls required to guarantee a high level of
security. Information security measures cost time, money and effort, so the benefits of
risk reduction need to be balanced against the cost of controls.
MONITORING: KRIS
In highly controlled activities such as information security and cyberprotection, risk
monitoring will focus on the effectiveness of the controls and on any unexpected
deviations from normality, whether in exposure, traffic or staff behavior.
TABLE 18.3 Examples of KRIs for information security risk

Exposure KRIs
  Spread of sensitive information
  Number of users/administrators in excess of the norm
  Number of third parties with data access
  Number of temporary workers and contractors with confidential data access
