Risk Mitigation - implementation of a safegaurd or security control that minimizes or eradicates vulnerability, Risk avoidance - eliminating the risk. area is prone to earthquakes. so i will not make this my building location, Risk Acceptance - application no longer supported by vendor. admin decides to purchase latest versions but not possible with budget, Risk Transferance - given to 3rd party.accomplishd via some type of insurance., storing PHI with tokenization of sensitive data - store w/encryption or database, PCI-DSS - standard mandated by credit card companies that applies to any org that handles card holder data, PIA(privacy Impact Assessment) - determines how organizations collects, processes, stores, and shares PII, SOC Type 2 (service organization control) - may or may not involve the analysis of PII. This measures the org's security stance and capabilities over time, Annual loss Expectancy - annual rate of occurance * Single loss Expectancy, Impact assesment - estimate the potential costs related to a threat, Deterrent - Warning signs, Security gaurds, Video Cameras, Corrective - Server is restored from backups, , preventive - Firewalls set perimeter network boundaries, MOU(Memo of Understnading - not legally binding casusal agree ment between two parties, BPA(Blanket Purchase Agreement) - permits recurring purchases. if placing multiple orders or hiring a contractor for more than one job, ISA(Interconnection Security Agreement)) - agreement that defines the technical specification for connectivity between the systems in two or more orgz, SLA(Service Level Agreement)) - garantees a specific level of service, including uptime, performance requirement, menatime between failures and other, NIST SP 500-292 - this frame work is used by the Federal government,

domain 5.0

Imprimir
Incrustar

Tauler de classificació

Estil visual

Opcions

Canvia de fonament

Restaurar desada automàtica: ?