Risk Transference

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
1 hour 39 minutes
Difficulty
Intermediate
CEU/CPE
1
Video Transcription
00:01
This is risk management information technology.
00:04
In our previous lessons, we discuss risk mitigation and avoidance as part of risk management.
00:09
Now we will be discussing risk transference as a management response to risk.
00:15
This lesson is about risk transference.
00:19
We will be discussing different risk transference scenarios and different examples of how this is done depending on the risk level.
00:28
Risk transfers is a common business solution.
00:30
The organization transfers the risk to another organization by outsourcing
00:35
this is similar to buying health or automobile insurance, but in this case the organization by the service to ensure mitigation of the risk,
00:44
this can cause significantly higher for the organization. In the long run,
00:50
with that in mind, let's talk about scenarios on how risk transference can be done in a small risk environment,
00:55
a medium risk environment or an enterprise setting.
00:59
The risk is determined as low if there is no significant loss when the threat is realized,
01:04
a medium sized risk is where there are substantial loss. When the threat is realized.
01:10
Enterprise level risk is geared towards large size businesses with 50 employees or more.
01:17
Here is an example for risk transference scenario
01:21
and organizations. High traffic website has been a target of a distributed denial of service attack or D does by a group of hackers extorting the company.
01:30
The site will go down for a few hours at the time during peak. That causes the business to lose customers and income.
01:38
The Ceo and CTO have been discussing other ways to deal with the Adidas
01:44
with low risk transference. We can purchase additional network devices that provide dDOS mitigation, such as load balancers in additional servers.
01:53
We could also transfer the risk by upgrading to new equipment with vendor support that guarantees the handling of Dido's.
02:00
We can also purchase additional security assessments from 3rd Party to eliminate blind spots
02:06
that provide guarantee and insurance
02:09
with medium risk transference. We can use the third party hosting company to host of website during an outage, which can absorb videos, attract traffic. This is common for high traffic websites.
02:22
Some hosting providers can identify boat traffic including unusual http requests and block those before a request attacks the website.
02:32
For enterprise risk transference. More sophisticated and expensive solutions are available, such as purchasing a service from DSP to identify and block ddos traffic to ensure legitimate customers are connecting to the web site
02:46
Online. 3rd parties, such as very sign and Cloudflare also offer similar services. Another solutions to purchase insurance for any losses stem from Adidas. If this is available,
03:00
here is another risk transference scenario.
03:02
The organization can no longer manage backups in the office,
03:06
But the auditors required to attention of 90 days worth of data for important documents, files and email.
03:12
The Ceo suggested to investigate authority of solutions for maintaining the backups
03:21
with low risk transference. We can hire a consultant to set up and maintain backups with a favorable contract agreement
03:31
with medium risk transference. We can purchase an online backup solution such as Box Wasabi or even AWS
03:40
for enterprise with transference personalized services such as Iron Mountain can come to our data center and take the backups and save it in their secure facility.
03:51
This can then be digitized, encrypted and maintain on their end
03:54
personalized service like these are expensive and cost prohibited for smaller and medium sized companies only mission critical data is usually start in this way
04:06
as you can see as we add more controls for risk transference. So does the cost of implementation.
04:14
Okay. Time for a quick quiz.
04:16
Which of the following is not a form of his transference.
04:20
Is it a purchasing insurance,
04:24
be outsourcing it security skills or C building an in house security team
04:31
and the answer is C
04:34
building an in house security team is not a form of this transference.
04:38
It means that you're actively engaging the acceptance of the risk and mitigating it.
04:46
Okay, next.
04:46
True or false.
04:48
Risk transference can cost significantly higher for an organization in the long run,
04:55
True
04:56
are false,
04:59
and the answer is true.
05:01
Personalized services can exponentially cost more than upgrading service.
05:06
More sophisticated services require expertise and consultants
05:11
staff has to be trained to maintain software
05:13
and the devices if it was purchased.
05:15
Vendor agreements can also increase in price year over year.
05:20
In summary,
05:23
we talked about risk transference or risk assignment, which can cause significantly higher for an organization
05:29
in the long run
05:30
and can include insurance or outsourcing of services.
05:35
This is instructor robert Ghana.
Up Next
Course Assessment - Risk Management and Information Systems Control
Assessment
30m