Risk mitigation is defined to reduce the effects on business continuity and the disaster recovery.There are 4 types of risk mitigation strategies. Riskacceptance ,avoidance, limitation and transference.
Risk Acceptance: It does not reduce any effects even though it is considered as a strategy.
It is a option when the cost of other risk mitigation strategies such as avoidance or limitation may reduces the cost of the risk itself. A company which doesn’t want to spend much money to avoid risks they will not have any possibilty to occur to use this strategy.
Risk Avoidance: It is reverse of risk acceptance. Comparing to other risk mitigation startegies this risk avoidance is more costly.It takes the counter actions or it avoids when the situation is risk.
Risk Limitation:This is the common strategy used by business. This limits the company to take some counter actions for risk situation by taking some action. It is combination of a risk acceptance and risk avoidance or both.
Risk Transference: It involves in handling the risk off to a third party.
Identify and discuss technological and financial risks that Company M faces.
The term suggests is the financial risk involvesin the financial loss to organisations or companies.This are due to instability and losses in the financial market .Among all risks this one also having highest priority in entire business.There are many technological and financial risks that company faces are:market risk, credit risk, liquidity risk and operational risk.
1. Market Risk :Market risk can be divided as directional and nondirectional risk. Directional risk is due to situation in stock price, interest rates and more.. NonDirectional risk on the can be change of unexpectedly risks.
2. Credit Risk
This risk is when it fails to fulfill their conditions toward the other parties.It can be divided into sovereign risk and settlement risk. Sovereign risk usually is for difficult foreign exchange policies. Settlement risk is nothing but one company may give credit to custoomers and they are failed to do that payment.
3. Liquidity Risk
This risk is in which there is no ability to execute transactions. This can be classified into asset and funding . Asset which is less number of buyers and sellers against to sell orders and buy orders .
4. Operational Risk
This risk is nothing but failures of technical and financial. This contains fraud risk and model risk. Fraud risk due to lack of controls and Model risk due to wrong model application.
Which domains of the IT infrastructure were involved during the four malware events?
In addition, the company dealt with four serious malware events that originated from an unpatched server,
An insecure wireless network used in the manufacturing plant:Wan domain
An insecure remote connection used by a sales person: Remote access domain
A headquarters employee who downloaded a game from the Internet to her workstation:Workstation domain
Three of the malware incidents resulted in files that were erased from the company’s sales database, which had to be restored, and one incident forced the B2B Web site to shut down for 24 hours: User domain
What types of security policies should Company M institute to mitigate those risks?
Policies are defined for security in an area. This depends on security administrator and IT manager to define policies and who should plan the policies.
Types of policies are:
Virus and Spyware Protection policy :This policy detects ,removes,and fixes the effects of virus and risks by using signatures.And also the users who try to download data from download insight is also detects the threats.It finds behaviour of anomalies through Sonar technology.
Firewall policy :This policy is mainly applied to the windows users.This blocks unauthorized users to acess from networks over internet and also which identifies hackers.This will eliminates the traffic of unwanted data.
Intrusion Prevention policy :This protects the applications from risks and also this automatically detects and blocks the network attacks over internet.
LiveUpdate policy:In this policy which have some settings when and how client computers to download the content updates.And also this provide to check for updates.
Application and Device Control :This also applies only to windows clients similar to firewall policy and also MAC computers.This is mainly used to protect the resources from application and manages the devices which are attached to computers.
Host Integrity :This is able to define,enforce,and also which restores the security of networks and data secure.This verifies client to access network and run antivirus ,patches and other related to application.
Exceptions policy :It has ability to not include and processes the detected viruses and spyware scans .
Memory Exploit Mitigation:This stops vulnerability attacks using risk mitigation strategies such as DLL hijacking,heapspray mitigation etc.