IS ASSURANCE - W7 Flashcards
Risk Control Strategies:
What it is: This involves developing and implementing measures to mitigate or eliminate the identified risks, reducing their likelihood or impact.
Methods: Risk avoidance (eliminating the activity generating the risk), risk reduction (minimizing the likelihood or impact), risk transfer (shifting the risk to another party), or risk acceptance (acknowledging the risk and monitoring it).
Outputs: Implemented controls, policies, procedures, training programs, insurance policies, etc., tailored to each risk’s specific characteristics.
Preventive Controls:
Access Controls: User authentication, authorization, role-based access control (RBAC), multi-factor authentication (MFA).
Data Loss Prevention (DLP): Software solutions to prevent unauthorized data exfiltration.
Network Security: Firewalls, intrusion detection/prevention systems (IDS/IPS), secure network protocols (e.g., HTTPS).
Vulnerability Management: Patching systems, penetration testing, vulnerability scanning.
Security Awareness Training: Educating employees about cyber threats and safe practices.
Corrective Controls:
Incident Response: Having a plan to respond to and contain security incidents effectively.
Backup and Recovery: Regularly backing up data and having procedures for restoring it in case of an attack or outage.
Business Continuity and Disaster Recovery (BCDR): Having plans to ensure critical business functions continue even during disruptions.
Quantitative: Numerical data and statistical analysis.