CYBER DEFENSE GUIDE
GUIDELINES FOR THE DESIGN, PLANNING, IMPLEMENTATION AND DEVELOPMENT OF A MILITARY CYBER DEFENSE
Although risk avoidance seems a somewhat crude measure, in reality it is fairly common in cyberspace. Examples are the implementation of blacklists or whitelists for access to certain web pages, or the selective restriction of access to information (need to know).
088. Cyber risk reduction involves reducing either the severity of the loss or the probability of the loss occurring, for example, by implementing cybersecurity measures, hiring cybersecurity services, investing in cyber deterrence, or implementing contingency plans.
089. Sharing or transferring cyber risk involves distributing, with a third party, the burden of loss or the measures to reduce cyber risks, for example by taking out insurance as a post-event compensatory mechanism or establishing a collaboration agreement with other organizations potentially affected by the same cyber risks.
090. Cyber risk retention involves accepting the loss from a cyber risk when it occurs. It means doing nothing to reduce the probability or the impact. In practice, all the cyber risks that are neither avoided, reduced nor shared are retained.
091. Cyber risk retention is a viable strategy for extreme cyber risks, that is, if the probability of a very severe loss is small or if the cost of insurance is so great that it would hinder realizing the organization's objectives. An example is the risk that a data processing center will be destroyed by an earthquake in an area with little seismic activity.