Wednesday, July 18, 2012

Risk Control!

Last week, my blog covered identifying and assessing the risks that you have on your computer.  Hopefully, you have gone through and done just that.  Now is the time to control those risks.  You can do this with one of four strategies: avoidance, transference, mitigation, or acceptance.  From a proactive stance (taking care of a problem before it happens), these four are listed in order from strongest security to weakest:

Avoidance is the strategy that uses safeguards to help eliminate or reduce your uncontrolled risks.

Transference is the strategy that allows you to shift risks to other areas.

Mitigation is the strategy that helps reduce impact if an attacker successfully exploits a vulnerability.

Acceptance is the strategy (well, it isn't even a strategy in my opinion) of understanding the consequences of deciding not to control your vulnerabilities (Whitman & Mattord, 2010).

My honest opinion is to use the strategy of avoidance.  Within this strategy, you apply some sort of policy, which helps control and manage the procedures that everyone must follow.  You also provide education and training to everyone involved with the security of your computer, and you counter your threats by using defense mechanisms such as your security controls and safeguards (Whitman & Mattord, 2010).

Transference and mitigation both come with risks.  Transference allows you to take your problems and push them somewhere else.  The main concern is outsourcing.  Are you going to trust your risks in the hands of someone else?  I sure won't.  I plan to manage them myself.  Mitigation just allows you to plan for issues through the use of specific plans such as an incident response or disaster recovery plan (Whitman & Mattord, 2010).  I don't know about you, but I want to make sure those risks are taken care of now and not find out later that a control did not work.  Don't get me wrong, I am all for creating these plans, but you need to be both proactive and reactive, not just reactive.

If you decide to go with acceptance as your strategy, be forewarned that you will be susceptible to attacks.  This is, in my opinion, a choice to do nothing to protect your assets.  If you choose to go this route, say hello to hackers such as Anonymous taking control of your system.  You will be very easy to hack.  I will be honest: I will not be sorry for anyone who takes this route and then loses all their important data.  Control your risks by implementing a secure strategy.

Reference

Whitman, M., & Mattord, H. (2010).  Management of Information Security.  Boston, MA: Course Technology, Cengage Learning.
