There are all the Risk for the security of information systems and all aspects of life. Risk cannot be avoided, but on the other hand, it is can take care of everything. We are usually the most concerned, our primary business and State-of-the-art confirmed results of best practices on the basis of the risks. All risks which may affect the primary business operations to be checked carefully the impact of the training itself; the risks which may be severe. Therefore be based on validated data; an example of the Bank's branch, which has been 5 armed robberies in the past 2 years is likely to see another server that is being attacked by several times in the past are likely to be attacked again. In addition, all risks that the companies ' own corresponding organizations can we shall also be considered. If many organizations similar to we have seen special attack, against itself, we may in the future.
All particular risk we may choose to accept it. Risk may not be as big, or maybe all of retaliation is too expensive; there is now a positive return on investments do not (return on ROI). For example, an enterprise uses telnet servers and use telnet to send over the network in clear text passwords and user names.It was found that the case, the risk was so great and it was accepted to the many risks simply we accept.
The organization also mitigate or reduce the risk through appropriate checks.For example, there is a risk, but that the risk may be reduced to the following substances mentioned as reference Nos good firewall intrusion detection system (IDS) and anti-virus, connecting to the Internet. These are all security controls to mitigate the risk. In some cases, the risk is reduced to the extent that the risk is no longer the case.
It is also possible in some cases, for example, move to the other, the insurance risk.In fact, this is often referred to as the "insurance model" and apply in some places in IT IT insurance is becoming increasingly common.
One option that is not acceptable, sticking your head sand and ask there is no danger. in the same way as a friend of mine claims his chain smoking tobacco is not a health risk to themselves, this is stupid and illogical.
Always there is a risk but rationally to reduce the adoption, and to provide, where appropriate, by transferring the risks, we can reduce the risk to an acceptable level.
0 comments:
Post a Comment