Anne Kohnke • Ken Sigler • Dan Shoemaker
Implementing Cybersecurity INTERNAL AUDIT AND I T AU D I T S E R I E S
A Guide to the National Institute of Standards and Technology Risk Management Framework
Wednesday, April 19, 2017
Risk avoidance
Risk avoidance is aimed at preventing the risk from actually occurring. Information security has three standard components: prevention, detection, and response. The prevention element and all it involves are examples of risk avoidance. Training programs, which are designed to increase the ability of employees to recognize and respond to incidents, are good examples of this type of risk handling approach. The information security process is heavily geared toward avoidance in order to reduce, as much as possible, the amount of harm by addressing the risk directly. The last two components of the information security process, detection, and response are embodied in the risk mitigation and risk transference approaches. In the case of risk transference, the response requires an outside party to assume the impact of the risk. Insurance is a prime example of this type of assumption.
Anne Kohnke • Ken Sigler • Dan Shoemaker
Implementing Cybersecurity INTERNAL AUDIT AND I T AU D I T S E R I E S
A Guide to the National Institute of Standards and Technology Risk Management Framework
Anne Kohnke • Ken Sigler • Dan Shoemaker
Implementing Cybersecurity INTERNAL AUDIT AND I T AU D I T S E R I E S
A Guide to the National Institute of Standards and Technology Risk Management Framework
Subscribe to:
Post Comments (Atom)
-
Curso Wireshark na UDEMY https://www.udemy.com/curso-profissional-sobre-wireshark/learn/v4/overview A filtragem em sinalizadores...
No comments:
Post a Comment