1 hour 39 minutes
This is risk management information technology.
In our previous lessons, we discussed risk mitigation and avoidance as part of risk management.
Now we will be discussing risk transference as a management response to risk.
This lesson is about risk transference.
We will be discussing different risk transference scenarios and different examples of how this is done depending on the risk level.
Risk transference is a common business solution.
The organization transfers the risk to another organization by outsourcing.
This is similar to buying health or automobile insurance, but in this case the organization buys the service to ensure mitigation of the risk.
This can cost significantly more for the organization in the long run.
With that in mind, let's talk about scenarios on how risk transference can be done in a small risk environment,
a medium risk environment or an enterprise setting.
The risk is determined as low if there is no significant loss when the threat is realized.
A medium-sized risk is where there is substantial loss when the threat is realized.
Enterprise-level risk is geared towards large-sized businesses with 50 employees or more.
Here is an example of a risk transference scenario.
An organization's high-traffic website has been a target of a distributed denial of service attack, or DDoS, by a group of hackers extorting the company.
The site will go down for a few hours at a time during peak. That causes the business to lose customers and income.
The CEO and CTO have been discussing other ways to deal with the DDoS.
With low risk transference, we can purchase additional network devices that provide DDoS mitigation, such as load balancers and additional servers.
We could also transfer the risk by upgrading to new equipment with vendor support that guarantees the handling of DDoS.
We can also purchase additional security assessments from third parties that provide guarantee and insurance, to eliminate blind spots.
With medium risk transference, we can use a third-party hosting company to host the website during an outage, which can absorb DDoS attack traffic. This is common for high-traffic websites.
Some hosting providers can identify bot traffic, including unusual HTTP requests, and block those before a request attacks the website.
For enterprise risk transference, more sophisticated and expensive solutions are available, such as purchasing a service from DSP to identify and block DDoS traffic to ensure legitimate customers are connecting to the website.
Online third parties, such as VeriSign and Cloudflare, also offer similar services. Another solution is to purchase insurance for any losses stemming from DDoS, if this is available.
Here is another risk transference scenario.
The organization can no longer manage backups in the office,
but the auditors require retention of 90 days' worth of data for important documents, files and email.
The CEO suggested investigating a variety of solutions for maintaining the backups.
With low risk transference, we can hire a consultant to set up and maintain backups with a favorable contract agreement.
With medium risk transference, we can purchase an online backup solution such as Box, Wasabi or even AWS.
For enterprise risk transference, personalized services such as Iron Mountain can come to our data center and take the backups and save them in their secure facility.
These can then be digitized, encrypted and maintained on their end.
Personalized services like these are expensive and cost-prohibitive for small and medium-sized companies. Only mission-critical data is usually stored in this way.
As you can see, as we add more controls for risk transference, the cost of implementation goes up as well.
Okay, time for a quick quiz.
Which of the following is not a form of risk transference?
Is it A, purchasing insurance,
B, outsourcing IT security skills, or C, building an in-house security team?
And the answer is C.
Building an in-house security team is not a form of risk transference.
It means that you're actively engaging in the acceptance of the risk and mitigating it.
True or false:
risk transference can cost significantly more for an organization in the long run.
And the answer is true.
Personalized services can exponentially cost more than upgrading service.
More sophisticated services require expertise and consultants.
Staff have to be trained to maintain software
and the devices if they were purchased.
Vendor agreements can also increase in price year over year.
We talked about risk transference, or risk assignment, which can cost significantly more for an organization
in the long run
and can include insurance or outsourcing of services.
This is instructor Robert Ghana.