Risk Related Concepts
Importance Of Policies to Reduce Risk
Acceptable Use Policy
Privacy Policy
Security Policy
Mandatory Vacation
Job Rotation
Separation Of Duties
Least Privilege
BYOD Policy
Risk Response
Mitigate
Transfer
Avoidance
Deterrence
Acceptance
Risks with Virtualization
Orphan VM
VM Escape
Prohibited Software
Best Practices and Standards
Risk With Cloud Computing (Concerns)
Confidentiality
Availability
Server Availability
Backups
Control in Others Hands
What a control is
Deterrent Controls
Discourage Potential Attackers
Preventative Controls
Avoid incident from occurring
Detective Controls
Identify Incidents
Compensating Controls
Alternative Controls
Technical Controls
Password, Encryption, Smart cards
Administrative Controls
Policies, Procedures
Control Types
Technical
Passwords/Encryption
Management
Policies
Operational
Procedures / Standards
Separation Of Duties
Also Watch for Collusion
Can Create Room for Abuse, Fraud or Malpractice
Least Privilege
Give Exact Amount of Permission They Need To Get Job Done.
Insufficient: lots of complaints
Exceed and be vulnerable
False Negative
No recognition of Error
no vis
Vulnerabilities
The Absence Or Weakness Of a Control
Control there but weak
Lock on door that many keys can open
Control Missing
Patches Are Missing
Not using best practices
Leaving at end of day not logging off?
Leaving to washroom
Threat Factors
Any Agent that can exploit vulnerabilities is a threat
Risk / Probability
The Likelihood that something negative will happen
When you have vulnerabilities, is it probable that the agent can exploit them or not?
Recovery
Recovery Time Objective
Recovery Point Objective
False Positives
Error Signal is Wrong