Full width home advertisement

Post Page Advertisement [Top]

There's inherent risk and residual risk, and a third term I can't remember. It's a term to describe risk that a security control adds by its inclusion. For example:

* A security tool that automatically isolates computers that fail health checks can impact availability, especially if there are false positives.
* A fire suppression system that eliminates oxygen presents a new danger to the people inside.
* Offsite backup storage presents new confidentiality risks in transit and at the new location.
* Cloud-based systems generally increase availability, but are dependent on an internet connection. Interruption of service will bring them down.




These are all tools that can be mitigated through configuration or other controls. But they are risks that wouldn't be there without the controls in place.

SOLVED: It's Secondary Risk. Primary Risk is what was in the original risk assessment, secondary risk is the risks that were added by the controls mitigating the primary risk. submitted by /u/skribsbb
[link] [comments]


http://dlvr.it/T9H727

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)
'; (function() { var dsq = document.createElement('script'); dsq.type = 'text/javascript'; dsq.async = true; dsq.src = '//' + disqus_shortname + '.disqus.com/embed.js'; (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(dsq); })();

Bottom Ad [Post Page]

Copyright 2017, " Vpentest ". All rights Reserved.
| Designed by Colorlib