Wednesday, April 19, 2017

Risk avoidance

Risk avoidance is aimed at preventing the risk from actually occurring. Information security has three standard components: prevention, detection, and response. The prevention element and all it involves are examples of risk avoidance. Training programs, which are designed to increase the ability of employees to recognize and respond to incidents, are good examples of this type of risk handling approach. The information security process is heavily geared toward avoidance in order to reduce, as much as possible, the amount of harm by addressing the risk directly. The last two components of the information security process, detection, and response are embodied in the risk mitigation and risk transference approaches. In the case of risk transference, the response requires an outside party to assume the impact of the risk. Insurance is a prime example of this type of assumption.

Anne Kohnke • Ken Sigler • Dan Shoemaker
Implementing Cybersecurity   INTERNAL   AUDIT   AND   I  T   AU D I  T   S E R I E S
A Guide to the National Institute of Standards and Technology Risk Management Framework

IP forwarding

However, for firewalls using multiple interfaces, ensure that you disable the TCP/IP protocol feature IP forwarding. IP forwarding is actual...