Chapter 4 Risk Management
1. What is risk management? Why is identification of risks, by listing assets and their vulnerabilities, so important to the risk management process? Risk management is the process of identifying risk, as represented by vulnerabilities, to an organization’s information assets and infrastructure, and taking steps to reduce this risk to an acceptable level. Each of the three elements in the C.I.A. triangle, introduced in Chapter 1, is an essential part of every IT organization’s ability to sustain long-term competitiveness. When an organization depends on IT-based systems to remain viable, information security and the discipline of risk management must become an integral part of the economic basis for making …
The vulnerabilities identified by most of these tools extend beyond software defects (which are fixed by patching) to include other easily exploitable weaknesses, such as unsecured accounts, misconfigurations, and even back doors. Several types of assessment tools are available.
Although these tools have general similarities, they vary in the methods and processes they use to identify vulnerabilities. As a best practice, you shouldn't rely on a single assessment tool; use several different tools to gain a broader picture of your organization's exposure to vulnerabilities. Open-source or shareware assessment tools are available online and can be used to supplement commercial scanners.
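The two points above (findings go beyond patchable defects, and no single tool sees everything) can be shown by merging the output of more than one scanner. The following is an added example, not from the textbook or any real scanner: the two reports, the host names and the issue text are constructed, and the tool names `tool_a` and `tool_b` are hypothetical. It normalises each finding to a common key, records which tools reported it, and separates the findings that patching alone would not fix.

```python
"""Merge findings from several vulnerability assessment tools (added example).

The reports below are constructed for illustration; real tools emit their own
formats, so the `normalize` step is where you would adapt field names.
"""
from collections import defaultdict
from typing import Dict, FrozenSet, List, Tuple

# One weakness, regardless of which tool reported it: (host, category, issue).
Key = Tuple[str, ...]

# Constructed sample output from a hypothetical "tool_a".
TOOL_A_REPORT = [
    {"host": "web-01", "category": "patch",   "issue": "Missing OS security update"},
    {"host": "web-01", "category": "config",  "issue": "Directory listing enabled"},
    {"host": "db-01",  "category": "account", "issue": "Account with blank password"},
]

# Constructed sample output from a hypothetical "tool_b"; note the different
# capitalisation of the same patch finding, and the findings only it reports.
TOOL_B_REPORT = [
    {"host": "WEB-01", "category": "Patch",    "issue": "missing os security update"},
    {"host": "db-01",  "category": "account",  "issue": "Default vendor credentials in use"},
    {"host": "db-01",  "category": "backdoor", "issue": "Unexpected listener on non-standard port"},
]

REPORTS: Dict[str, List[dict]] = {"tool_a": TOOL_A_REPORT, "tool_b": TOOL_B_REPORT}


def normalize(record: dict) -> Key:
    """Canonicalise one finding so case and whitespace differences between tools collapse."""
    return tuple(record[field].strip().lower() for field in ("host", "category", "issue"))


def merge(reports: Dict[str, List[dict]]) -> Dict[Key, FrozenSet[str]]:
    """Map each unique finding to the set of tools that reported it."""
    seen: Dict[Key, set] = defaultdict(set)
    for tool, records in reports.items():
        for rec in records:
            seen[normalize(rec)].add(tool)
    return {key: frozenset(tools) for key, tools in seen.items()}


def coverage_summary(merged: Dict[Key, FrozenSet[str]], tools: List[str]) -> dict:
    """Count findings confirmed by every tool versus findings seen by only one tool."""
    confirmed = sum(1 for reporters in merged.values() if len(reporters) == len(tools))
    only_in = {
        tool: sum(1 for reporters in merged.values() if reporters == frozenset({tool}))
        for tool in tools
    }
    return {"unique_findings": len(merged), "confirmed_by_all": confirmed, "only_in": only_in}


def non_patch_findings(merged: Dict[Key, FrozenSet[str]]) -> List[Key]:
    """Findings that patching alone would not fix: accounts, configuration, back doors."""
    return sorted(key for key in merged if key[1] != "patch")


if __name__ == "__main__":
    merged = merge(REPORTS)
    print(coverage_summary(merged, list(REPORTS)))
    for finding in non_patch_findings(merged):
        print("needs more than a patch:", finding)
```

With the constructed reports, only the patch finding is confirmed by both tools; each tool contributes two findings the other missed, and four of the five unique findings are account, configuration or back-door issues that a patch cycle would leave in place.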
11. What is competitive disadvantage? Why has it emerged as a factor? Competitive disadvantage is the state of falling behind the competition. It has emerged as a factor because businesses that do not stay on the cutting edge of IT can quickly fall behind the competition, given the current fast pace of technological advances.
12. What are the strategies for controlling risk as described in this chapter? The four risk control strategies are avoidance, transference, mitigation, and acceptance.
13. Describe the “defend” strategy. List and describe the three common methods. The strategy of avoidance involves applying controls that eliminate or reduce the remaining