Risk mitigation is the process of developing new enhancements or options to reduce the effect of threats to the project. Risk mitigation also monitors the identified risks, identifies new risks, and evaluates the risk process for effectiveness.
Risk management has four iterative steps:
1) Risk identification: identifies the risks
2) Risk impact assessment: assesses the probability and consequences of the risks
3) Risk prioritization analysis: decision-analytic rules are applied and risks are prioritized from the highest to the lowest level
4) Risk mitigation planning, implementation and progress monitoring: designed to manage and reduce the risks
Risk mitigation strategies are:
Assume/Accept: Identify the existing risk and make a decision to accept it without engaging in activities to control it.
Avoid: Make changes to requirements to reduce the risk. These changes could be to funding, schedule or some requirements.
Control: Implement actions to minimize the impact or likelihood of the risk.
Transfer: Reassign accountability and responsibility to a stakeholder who accepts the risk.
Watch/Monitor: Monitor the process for changes that affect the nature of the risk or its impact.
Identify and discuss technological and financial risks that Company M faces:
Companies have varying levels of control with regard to risk. Some risks can be managed and some are outside the company's control. Financial risks are divided into four types: market risk, credit risk, liquidity risk and operational risk.
Market risk: This involves changing conditions in the market in which a company competes for business. An example of this risk is the increasing tendency of customers to shop online. In a competitive world market, often with lower profit margins, the companies that are financially strongest compared with others are those that offer value or a lower price on the product, and this gives them a good identity.
Credit risk: This is the risk a business incurs by providing credit to customers. Many companies provide financing to customers purchasing their products, and those customers may make late payments. The company should be able to handle all credit problems and have enough money to cover accounts payable for the particular period. Otherwise suppliers may stop extending credit to the company or may stop doing business with it.
Liquidity risk: There are two types of liquidity: asset liquidity and operational funding liquidity. Asset liquidity refers to a company's ability to convert its assets to cash when it needs cash flow. Operational funding liquidity refers to cash flow on a daily basis. Money is important to run the business.
Operational risk: This refers to the various risks that can arise from a company's business activities. Operational risk includes lawsuits, fraud risk, personnel problems and business model risk, in which a company's marketing and growth may prove inaccurate or inadequate.
Which domains of the IT infrastructure were involved during the four malware events?
The company dealt with four serious malware events, which originated from:
An unpatched server:
An insecure wireless network used in the manufacturing plant:
An insecure remote connection used by a salesperson:
Remote access domain
A headquarters employee who downloaded a game from the Internet to her workstation:
Three of the malware incidents resulted in files that were erased from the company’s sales database, which had to be restored, and one incident forced the B2B Web site to shut down for 24 hours.
What types of security policies should Company M institute to mitigate those risks?
Policies can be defined for the purpose of security. It is up to the security administrator and manager to decide which policies need to be defined and who should plan them. There can be policies for the whole company or for particular sections within the company. The different types of policies are:
Password policies: The system depends on passwords being kept secret. When password authentication is implemented on a system, passwords are vulnerable to compromise due to five aspects of the system: a password must be initially assigned to a user when enrolled on the system; a user's password must be changed periodically; the system must maintain a "password database"; users should remember their passwords. Employees may not disclose their passwords to anyone, including administrators and IT managers.
Administrative Responsibilities: The administrator is responsible for generating and assigning the initial password for each user login. The user must then be informed of this password. In some areas the user password should not be disclosed to anyone, even the administrator; for that purpose we can use encryption for the username and password. If the password is known to the administrator, the user can change it.
User Responsibilities: It is the user's responsibility to keep passwords private and secure. Passwords should be changed on a periodic basis to guard against password compromise, without telling the administrator.
E-mail policies: E-mail is a critical problem in business. Companies need policies to help employees use e-mail properly, to reduce the risk of misuse, and to ensure that official records which are transferred are properly maintained. Companies need to provide general guidance to employees on how to use official e-mail and personal e-mail, and on confidentiality protection for records.
Internet policies: These are a set of protocols for searching for and finding information over the Internet. We need to use hypertext and multimedia techniques where they make access easy.
Backup and restore policies: These are important only if the information stored on the system is of value and importance. Backups are important for a number of reasons, such as:
Computer hardware failure: hardware or RAID systems fail
Software Failure: information can be stored or interpreted wrongly by software
User Error: users often delete or modify files
Administrator Error: an administrator mistakenly deletes user accounts
Hacking: data may be lost or altered
Natural disasters: floods, earthquakes and fire
Finally, we have explained the risks above, along with some types of security policies that can mitigate them.