When there are chances of rain during the afternoon, it is always a smart move to take an umbrella with you when you are planning to spend the time out. Risk control is a method by which business firms and organizations evaluate potential losses and take action to reduce or eliminate such threats. Risk control is a technique that utilizes findings from risk assessments and implementing changes to reduce risk in these areas. Once risks have been identified, and contingency plans developed, risk control strategies can be developed and implemented. In order to control the risk, we can take action to minimize the effect, change aspects of the event so that the risks disappear, or transfer some of the risk to other parties such as insurance agencies. Below are the five strategies to control the risks within an organization:
Defense
Defense
strategies help to prevent the exploitation of the vulnerability by applying
safeguard that eliminated or reduce the remaining uncontrolled risk. This strategy
is also referred as Avoidance. There are three method of defense: Application
of policy which allows all management levels to mandate that certain procedures
should always be followed, Application of training and education to create
safer and controlled organizational environment and Implementation of
technology to reduce risk effectively.
Transferable
Transferable
risk control strategy attempts to shift the risk to other assets. There might
be another organization to deal with the risk such as insurance agencies. Transfer
of such risks can be done by rethinking, revising development models,
outsourcing to other organization or implementing service contracts.
Mitigation
Mitigation
risk control strategy helps to reduce the impact caused by the exploitation of
vulnerability by the means of planning and preparation. This strategy included
disaster recovery plan, incident response plan and business continuity plan.
Acceptance
Acceptance
risk control strategy is the method or decision to do nothing to protect an
information set from risk but rather accepting the outcome of its exploitation.
Acceptance strategies is valid only if the organization determines the level of
risk, assess the probability of attack, estimated the potential damages and
determines the cost to control the risk to
particular function, asset, data etc.
Termination
Termination
risk control strategy helps to control risk from having negative impact. If the
organization’s choice is not to protect an asset and does not wish to remain at
risk so it will be removed or terminated. Usually termination of the assets occurs
when the cost of protecting the asset outweighs its value.
References:
Gillette, W. (n.d.). Risk control strategies. Retrieved May 9th
2015 from http://www.cs.uwlax.edu/~riley/CS419/RiskControl.ppt
Thorpe, S (n.d.). Risk Control Strategies. Retrieved May 9th
2015 from
Whitman, M. & Mattord, H. (2014). Management of
Information Security. Cengage Learning
No comments:
Post a Comment