What is IT risk
The potential for an unplanned event involving information technology to threaten an enterprise objective (probability * impact)
What is a downside risk?
probable negative outcome
What is a upside risk?
probable positive outcome
What are the components of the 4A framework?
- Availability: Keeping systems running
- Access (confidentiality): Ensuring appropriate acces to data and systems
- Accuracy (integrity): Providing correct, timely and complete information
- Agility: Being able to make necessary business changes
What are the components of the security triad?
- Confidentiality (acces)
- Integrity (accuracy)
- Availability
What are the three core disciplines of IT Risk Management?
- Foundation (A base infrastructure, no spaghetti)
- Risk governance process (procedures and policies)
- Risk-aware culture (everyone has appropriate knowledge of risk)
What are the three possible reactions to IT risk types?
- Do nothing (No intruders, not malicious)
- Shutdown and rebuild (malicious code and will attack soon)
- Build a mirror (malicious and will not attack soon)
What are the four components of risk management?
- Low cost, tolerable risk (lowest priority)
- High cost, tolerable risk (bear the risk)
- High cost, introlerable risk (capitalize costs of risk mitigation)
- Low cost, intolerable risk (mitigate ASAP)
What are the four crisis customer contact response strategies in data breaches?
- Defensive strategy
- Accommodative strategy
- Moderation strategy
- Image renewal strategy
What are the components of the defensive strategy?
- Denial (act like there is no breach)
2. Excuse (minimize responsibility)
What are the components of the Accommodative strategy?
- Apology (apologizing for the breach)
2. Remedial actions (repair and control the damage)
What are the components of the Moderation strategy?
- Ingratiation (make shareholders like organization)
2. Justification (minimize the perceived damage)
What are the components of the Image renewal strategy?
- Correction commitment (reassure that company will avoid similar incidents in the future)
- Stakeholder commitment (reassure that company is commited to providing best services/products)
- Value commitment (reassure that company is committed to its core values)
What are the effects of the defensive strategy on stock price for high and low reputable firms?
High: no significant influence
low: negative, but not significant
What are the effects of the Accommodative strategy on stock price for high and low reputable firms?
High: no significant influence
low: negative, but not significant
What are the effects of the Moderation strategy on stock price for high and low reputable firms?
High: no significant influence
Low: Positive influence
What are the effects of the Image renewal strategy on stock price for High and low reputable firms?
High: no significant influence
Low: Positive influence
What is Identity and Acces Management (IAM)
The organizational process for authorizing people to have acces to applications, systems or networks
What are the three core disciplines of IT risk management?
- Create risk governance process
- Create a risk-aware culture
- Reduce IT complexity (foundation)
What are the components of a Customer contact disclosure strategy?
- Disclosure to whom?
- Medium
- Who contacts them?
- When to contact?
- What to say?
When is availability the issue in a crisis and what is the response?
Cause: Ddos or database has been renamed
Response: stop responding to IP adress, rename file to original name
When is acces the issue in a crisis and what is the response?
Cause: security holes and malicious codes
Response: technology change/upgrade and remove suspicious files
When is accuracy the issue in a crisis and what is the response?
Cause: corrupted database or attacker changed data
Response: use backup
