Cyber defense



Date: 09.12.2022
Cyber Defense Handbook
/PILAR, CRAMM, OCTAVE, etc. Define and prioritize mitigation measures for identified risks. Prepare and implement a risk management plan.
084. Cyber risk management is a dynamic process in which the identification and assessment of new threats, vulnerabilities and assets must be a continuous task; when a significant change occurs, it must feed the process, generating a new analysis.
085. There are four traditional ways to mitigate risk: avoidance, reduction, sharing and retention.
086. Cyber risk avoidance implies not carrying out the activity that may entail a cyber risk.
FIGURE 10. MISSION CYBER RISK
FIGURE 11. RISK MANAGEMENT
FIGURE 12. CYBER RISK TREATMENT


CYBER DEFENSE HANDBOOK: GUIDELINES FOR THE DESIGN, PLANNING, IMPLEMENTATION AND DEVELOPMENT OF A MILITARY CYBER DEFENSE
Although risk avoidance seems a somewhat crude measure, in reality it is fairly common in cyberspace. Examples are the implementation of black or white lists for access to certain web pages or the selective restriction of access to information (need to know).
088. Cyber risk reduction involves reducing either the severity of the loss or the probability of the loss occurring, for example, by implementing cybersecurity measures, hiring cybersecurity services, investing in cyber deterrence, or implementing contingency plans.
089. Sharing or transferring cyber risk involves distributing, with a third party, the burden of loss or the measures to reduce cyber risks, for example by taking out insurance as a post-event compensatory mechanism or establishing a collaboration agreement with other organizations potentially affected by the same cyber risks.
090. Cyber risk retention involves accepting the loss of a cyber risk when it occurs. It means doing nothing to reduce the probability or the impact. In practice, all the cyber risks that are not avoided, reduced or shared are retained.
091. Cyber risk retention is a viable strategy for extreme cyber risks, that is, if the probability of a very severe loss is small or if the cost of insurance is so great that it would hinder realizing the organization’s objectives. An example is the risk that a data processing center will be destroyed by an earthquake in an area with little seismic activity.
