Risk Treatment

The risk treatment for the following cybersecurity risk categories, summarized from the Verizon (2017) surveys, is appended below:
- The Human Element
- Conduit Devices
- Configuration Exploitation
- Malicious Software

Threats Resulting from Configuration Exploitation
Risk Treatment Strategy for Configuration Exploitation
| S/No | Threat Scenario | Risk Treatment: Accept (A) | Risk Treatment: Mitigate/Reduce (MR) | Description of Risk Treatment/Control |
|---|---|---|---|---|
| 15 | SQL Injection | - | ✓ | Program secure configurations for hardware and software. Install boundary defences. Manage security levels of application software. |
| 16 | CMS Compromise | | | |
| 17 | Backdoor Access | - | ✓ | Create an inventory of authorised and unauthorised software. Program secure configurations for hardware and software. Set up defences against malware. Install boundary defences. Manage access control based on access requirements. Train and create awareness among employees. |
| 18 | DNS Tunneling | - | ✓ | Maintain, monitor and analyse audit logs. Set up defences against malware. Install boundary defences. Install controls to protect data. |
| 19 | Website Defacement | - | ✓ | Program secure configurations for hardware and software. Conduct vulnerability assessment continuously. Remediate identified vulnerabilities. Maintain, monitor and analyse logs. Monitor and control account usage. Manage security levels of application software. |
| 20 | DDoS Attack (Scenario 20) | ✓ | - | Incident Response and Management. |
| | | - | ✓ | Program secure configurations for hardware and software. Limit and control network ports, protocols and services. Program secure configurations for network devices. Install boundary defences. |
| 21 | ICS Onslaught | ✓ | - | Incident Response and Management. |
| | | - | ✓ | Create an inventory of authorised and unauthorised devices and software. Program secure configurations for hardware and software. Set up defences against malware. |
| 22 | Cloud Storming | - | ✓ | Control usage of administrative privileges. Maintain, monitor and analyse logs. Develop measures to ensure the organisation is capable of recovering its data. Limit access control based on access requirements. Monitor and control account usage. |

Risk Treatment Strategies for “Configuration Exploitation” Threats
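The DNS Tunneling row above lists "Maintain, monitor and analyse audit logs" as a mitigating control but does not say what an analyst would look for in those logs. The script below is an added example, not code from the guide or its author: it profiles resolver query logs per base domain and flags domains whose query pattern (many queries, almost every one with a unique subdomain, high-entropy leftmost labels) is typical of data being carried inside DNS names. The log lines are constructed, the "last two labels" base-domain heuristic and the thresholds are illustrative assumptions, and a production deployment would use a public-suffix list and tune the thresholds against its own baseline.

```python
import math
import re
from collections import defaultdict

# Constructed sample resolver log: "timestamp client qname qtype" (not real traffic).
SAMPLE_LOG = """\
2024-01-01T10:00:01 10.0.0.5 www.example.com A
2024-01-01T10:00:02 10.0.0.5 mail.example.com MX
2024-01-01T10:00:03 10.0.0.7 cdn.example.net A
2024-01-01T10:00:04 10.0.0.9 a3f9c2e1b7d4.t1.exfil-demo.test TXT
2024-01-01T10:00:05 10.0.0.9 9e8d7c6b5a4f.t1.exfil-demo.test TXT
2024-01-01T10:00:06 10.0.0.9 0f1e2d3c4b5a.t1.exfil-demo.test TXT
2024-01-01T10:00:07 10.0.0.9 6b7a8c9d0e1f.t1.exfil-demo.test TXT
2024-01-01T10:00:08 10.0.0.9 c4d5e6f7a8b9.t1.exfil-demo.test TXT
2024-01-01T10:00:09 10.0.0.9 2a3b4c5d6e7f.t1.exfil-demo.test TXT
2024-01-01T10:00:10 10.0.0.5 www.example.com A
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def parse_line(line):
    """Parse one log line into a dict; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, client, qname, qtype = m.groups()
    return {"ts": ts, "client": client, "qname": qname.lower().rstrip("."), "qtype": qtype}


def base_domain(qname):
    """Assumed heuristic: the registrable domain is the last two labels."""
    labels = qname.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else qname


def shannon_entropy(s):
    """Shannon entropy (bits per character) of a string; 0.0 for empty or single-symbol input."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def profile_domains(log_text):
    """Aggregate per-base-domain statistics relevant to tunneling detection."""
    stats = defaultdict(lambda: {"queries": 0, "subdomains": set(), "txt": 0, "entropies": []})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        base = base_domain(rec["qname"])
        sub = rec["qname"][: -len(base)].rstrip(".") if rec["qname"] != base else ""
        st = stats[base]
        st["queries"] += 1
        if rec["qtype"] == "TXT":
            st["txt"] += 1
        if sub:
            st["subdomains"].add(sub)
            # Entropy of the leftmost label, where encoded payloads usually sit.
            st["entropies"].append(shannon_entropy(sub.split(".")[0]))
    profiles = {}
    for base, st in stats.items():
        ent = st["entropies"]
        profiles[base] = {
            "queries": st["queries"],
            "unique_subdomains": len(st["subdomains"]),
            "txt_ratio": st["txt"] / st["queries"],
            "mean_label_entropy": sum(ent) / len(ent) if ent else 0.0,
        }
    return profiles


def flag_tunnel_candidates(profiles, min_queries=5, min_unique_ratio=0.8, min_entropy=3.0):
    """Return base domains whose profile exceeds the (illustrative) thresholds."""
    flagged = []
    for base, p in profiles.items():
        if p["queries"] < min_queries:
            continue
        unique_ratio = p["unique_subdomains"] / p["queries"]
        if unique_ratio >= min_unique_ratio and p["mean_label_entropy"] >= min_entropy:
            flagged.append(base)
    return sorted(flagged)


if __name__ == "__main__":
    profiles = profile_domains(SAMPLE_LOG)
    for base, p in sorted(profiles.items()):
        print(f"{base:20} queries={p['queries']:3} unique={p['unique_subdomains']:3} "
              f"txt_ratio={p['txt_ratio']:.2f} entropy={p['mean_label_entropy']:.2f}")
    print("candidates:", flag_tunnel_candidates(profiles))
```

In this sample, the ordinary web and mail lookups for example.com stay well under every threshold, while the six TXT queries to exfil-demo.test each carry a distinct high-entropy label and are flagged. A flagged domain is a lead for the incident-response process in the table, not a verdict: legitimate CDN, anti-spam and telemetry services also generate unique-subdomain traffic, so the thresholds have to be set from the organisation's own baseline.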
Goh, M. H. (2017). A Manager's Guide to Business Continuity Management for Cyber Security Incidents, 2nd Edition. GMH Pte Ltd.
Reference: Chapter 6 Risk Analysis and Review and Business Impact Analysis 6.9 Risk Treatment
Note: This version was the draft 2nd Edition, being updated by 2023. The number in square brackets [X.X] cross-refers to the actual chapter and section in the 1st Edition.