Week 6 Flashcards
What is IT risk
The potential for an unplanned event involving information technology to threaten an enterprise objective (probability * impact)
What is a downside risk?
probable negative outcome
What is a upside risk?
probable positive outcome
What are the components of the 4A framework?
- Availability: Keeping systems running
- Access (confidentiality): Ensuring appropriate acces to data and systems
- Accuracy (integrity): Providing correct, timely and complete information
- Agility: Being able to make necessary business changes
What are the components of the security triad?
- Confidentiality (acces)
- Integrity (accuracy)
- Availability
What are the three core disciplines of IT Risk Management?
- Foundation (A base infrastructure, no spaghetti)
- Risk governance process (procedures and policies)
- Risk-aware culture (everyone has appropriate knowledge of risk)
What are the three possible reactions to IT risk types?
- Do nothing (No intruders, not malicious)
- Shutdown and rebuild (malicious code and will attack soon)
- Build a mirror (malicious and will not attack soon)
What are the four components of risk management?
- Low cost, tolerable risk (lowest priority)
- High cost, tolerable risk (bear the risk)
- High cost, introlerable risk (capitalize costs of risk mitigation)
- Low cost, intolerable risk (mitigate ASAP)
What are the four crisis customer contact response strategies in data breaches?
- Defensive strategy
- Accommodative strategy
- Moderation strategy
- Image renewal strategy
What are the components of the defensive strategy?
- Denial (act like there is no breach)
2. Excuse (minimize responsibility)
What are the components of the Accommodative strategy?
- Apology (apologizing for the breach)
2. Remedial actions (repair and control the damage)
What are the components of the Moderation strategy?
- Ingratiation (make shareholders like organization)
2. Justification (minimize the perceived damage)
What are the components of the Image renewal strategy?
- Correction commitment (reassure that company will avoid similar incidents in the future)
- Stakeholder commitment (reassure that company is commited to providing best services/products)
- Value commitment (reassure that company is committed to its core values)
What are the effects of the defensive strategy on stock price for high and low reputable firms?
High: no significant influence
low: negative, but not significant
What are the effects of the Accommodative strategy on stock price for high and low reputable firms?
High: no significant influence
low: negative, but not significant