What is the role of Incident Response and management in risk mitigation and risk management quizlet?

Any device or process that is used to reduce risk. That is, it attempts to limit exposure to a danger.

Has two levels
Administrative controls are the processes for developing and ensuring that policies and procedures are carried out. In other words, administrative controls are the actions that users may do, must do, or cannot do.

The second class consists of security controls carried out or managed by devices, called technical controls.

sub-types of controls:

Deterrent controls. A deterrent control attempts to discourage security violations before they occur.

Preventive controls. A preventive control works to prevent the threat from coming in contact with the vulnerability.

Physical controls. A physical control implements security in a defined structure and location.

Detective controls. A detective control is designed to identify any threat that has reached the system.

Compensating controls. A compensating control is a control that provides an alternative to normal controls that for some reason cannot be used.

Corrective controls. A control that is intended to mitigate or lessen the damage caused by the incident is called a corrective control.

The mitigate strategy is the control approach that attempts to reduce the impact caused by the exploitation of vulnerability through planning and preparation. Mitigation begins with the early detection that an attack is in progress and the ability of the organization to respond quickly, efficiently, and effectively.

This approach requires the creation of three types of plans: the incident response plan, the disaster recovery plan, and the business continuity plan. Each of these plans depends on the ability to detect and respond to an attack as quickly as possible and relies on the existence and quality of the other plans.

Incident Response Plan (IRP) - Defines the actions an organization can and perhaps should take while an incident is in progress. The IR plan focuses on intelligence gathering, information analysis, coordinated decision making, and urgent, concrete actions.

Disaster recovery plan (DRP) - Includes the entire spectrum of activities used to prepare for and recover from an incident. The DR plan focuses more on preparations completed before and actions taken after the incident.

Business Continuity Plan (BCP) - Encompasses the continuation of business activities if a catastrophic event occurs. The BC plan includes planning the steps necessary to ensure the continuation of the organization when the scope or scale of a disaster exceeds the ability of the DR plan to restore operations.

1- strategic- action that affects the long-term goals of the organization- theft of intellectual property, not pursuing a new opportunity, loss of a major account, competitor entering the market
2- compliance- following a regulation or standard- breach of contract, not responding to the introduction of new laws
3- financial- impact of financial decisions or market factors- increase in interest rates, global financial crisis
4- operational- events that impact the daily business of the organization- fire, hazardous chemical spill, power blackout
5- environmental- actions related to the surroundings- tornado, flood, hurricane
6- technical- events that affect information technology systems- denial of service attack, SQL injection attack, virus
7- managerial- actions that are related to the management of the organization- long-term illness of company president, key employee resigning

Sets with similar terms