Security Management Programs and Oversight: Risk Management Strategies Flashcards

1
Q

There are several common methods of risk management that you should know. Which ones are they?

A

Transfer: Transfers risk to a third party. An excellent example is moving a service to the cloud where experts can assist with the risk.

Accept: Includes making exceptions or exemptions for the risk. Essentially, you fully understand the risk, and the potential for loss as a result of the risk, but continue to operate the solution.

Avoid: Alters a system’s exposure to threats. An example of this might be to not deploy a new module or solution because the perceived risk and potential loss are so great.

Mitigate: Places controls to reduce the impact of risk. An example is the deployment of an intrusion detection system (IDS) or intrusion prevention system (IPS) to try and nullify the risk of a cyberattack.
