Page 58 - DCAP309_INFORMATION_SECURITY_AND_PRIVACY

Information Security and Privacy




Risk: Any kind of analysis that ties specific threats to specific assets with an eye toward determining the costs and/or benefits of protecting that asset is called risk, or risk assessment.

Risk Acceptance: It is simply accepting the identified risk without taking any measures to prevent loss or to reduce the probability of the risk happening.

Risk Avoidance: It is a business strategy in which certain classes of activities or business processes are not undertaken because the risks are too high to justify the return on investment.

Risk Control: It is the entire process of policies, procedures and systems that an institution needs in order to prudently manage all its risks.

Risk Management: It is a process to identify and then manage threats that could severely impact or bring down the organization.

Risk Reduction: It reduces the potential loss associated with a given risk.

Risk Transfer: It involves transferring the weight or the consequence of a risk on to some other party.

Vulnerability: Any kind of asset that is not working optimally and is mission-critical or essential to the organization, such as data that are not backed up, is called a vulnerability.

                                   4.7 Review Questions

1.  What is risk? How does it reduce the potential of any internal or external event to detrimentally affect a business?
2.  What is risk management? Discuss the main areas on which risk management has focused.
3.  Explain the steps involved in risk management.
4.  Explain the risk control measures for an organization.
5.  How can risk be reduced?
6.  Distinguish between risk acceptance and risk avoidance.
7.  Explain the process of risk transfer.
8.  Explain the basic principles of risk assessment.
9.  Describe the various approaches involved in identifying risk.
10. The purpose of a risk assessment is to help management create appropriate strategies and controls for stewardship of information assets. Comment.

Answers: Self Assessment

1.  Risk
2.  secure
3.  Risk management
4.  employers
5.  enterprise-wide
6.  external
7.  vulnerability
8.  Controls
9.  analyze
10. decision making
11. knowledge
12. Risk Acceptance






          52                                LOVELY PROFESSIONAL UNIVERSITY