As a part of doing business your company has to store customers personal information. The company understands there is a risk of a breach and customer data being compromised. If that were to happen the company wouldn’t be able to afford the corresponding loss so they have decided to purchase insurance to cover any damages that result. What kind of risk management strategy is the company using?
Correct Incorrect Unanswered Report Issue Answer Description
Transference of risk is the act of transferring the risk to a third party. The most popular example of this is purchasing insurance to cover the losses if the risk comes to fruition.
Wikipedia
IT risk management is the application of risk management methods to information technology in order to manage IT risk, i.e.:
The business risk associated with the use, ownership, operation, involvement, influence and adoption of IT within an enterprise or organizationIT risk management can be considered a component of a wider enterprise risk management system.The establishment, maintenance and continuous update of an information security management system (ISMS) provide a strong indication that a company is using a systematic approach for the identification, assessment and management of information security risks.Different methodologies have been proposed to manage IT risks, each of them divided into processes and steps.According to the Risk IT framework, this encompasses not only the negative impact of operations and service delivery which can bring destruction or reduction of the value of the organization, but also the benefit enabling risk associated to missing opportunities to use technology to enable or enhance business or the IT project management for aspects like overspending or late delivery with adverse business impact.Because risk is strictly tied to uncertainty, decision theory should be applied to manage risk as a science, i.e. rationally making choices under uncertainty.
Generally speaking, risk is the product of likelihood times impact (Risk = Likelihood * Impact).The measure of an IT risk can determined as a product of threat, vulnerability and asset values:Risk
=
IT_risk_management - Wikipedia, the free encyclopedia Subscribe to avoid duplicate questions and track your progress over time