In this lesson participants will be introduced to key concepts in policies, procedures, standards and guidelines as they pertain to risk management and legal liabilities. You will learn about the constraints affecting an organization, and details regarding each particular constraint.

What are our constraints?

- Legal
- Physical and environmental
- Ethics
- Culture
- Costs
- Personnel
- Organizational structure
- Resources (capital, technology, people)
- Capabilities (Knowledge, training, skills)
- Time
- Risk appetite

Legal drivers as they pertain to liability:

- Failure of management to execute Due Care and/or Due Diligence can be termed negligence. Culpable negligence is often used to prove liability in a court of law.
- The Prudent Man Rule: You are expected to perform duties in the same manner as a prudent person in similar circumstances.

An example of Due Care would be the setting of policy, and an example of Due Diligence would be enforcing that policy.

- Downstream liabilities; integrated technology with other companies can extend one's responsibility outside the normal bounds.

The use of outsourcing and third party service providers can increase the risks to the organization. We are only transferring risk when we use outsourcing, but we have no guarantee that the third party will recompense us in the case of loss.