Flashcards in Part 3 Deck (18)
Evaluate the ____
Risks and Threats
TEN STEPS TO BUILDING A SECURE ORGANIZATION
Having identified some of the challenges to building a secure organization, let’s now look at 10 ways to successfully build a secure organization.
The following steps will put a business in a robust
Another approach is to begin by evaluating the ____.
threats posed to your organization and your data
Threats Based on the Infrastructure Model
The first place to start is to ____ based on an organization’s infrastructure model.
What ____ is in place that is necessary to support the operational needs of the business?
A small business that operates out of one office has ___ as opposed to an organization that operates out of numerous facilities, includes a mobile workforce utilizing a variety of handheld devices, and offers products or services through a Web-based interface.
An organization that has a large number of telecommuters must take steps to protect its ____ that could potentially reside on personally owned computers outside company control.
An organization that has widely dispersed and disparate systems will have more ____ than a centrally located one that utilizes uniform systems.
Threats Based on ____
Are there any specific threats for your particular business?
the Business Itself
Threats Based on ____
Businesses belonging to particular industries are targeted more frequently and with more dedication than those in other industries.
Financial institutions and online retail- ers are targeted because ____
“that’s where the money is.”
Pharmaceutical manufacturers could be targeted to steal ____, but they also could be targeted by special interest groups, such as those that do not believe in testing drugs on live animals.
Businesses are often so narrowly focused on their local sphere of influence that they forget that by having a network connected to the Internet, they are now ____
connected to the rest of the world.
If a piece of malware identified on the other side of the globe targets the ____ used in your organization, you can be sure that you will eventually be impacted by this malware.
Once threats and risks are identified, you can take one of four steps:
Ignore the risk. This is never an acceptable response. This is simply burying your head in the sand and hoping the problem will go away—the business equivalent of _____
not wearing a helmet when riding a motorcycle.
_____ When the cost to remove the risk is greater than the risk itself, an organization will often decide to simply _____ This is a viable option as long as the organization has spent the time required to evaluate the risk.
Accept the risk.
____ Organizations with limited staff or other resources could decide to ____. One method of ______ is to purchase specialized insurance targeted at a specific risk.
Transfer the risk.