- 4
- 0
- 约7.2万字
- 约 59页
- 2017-12-21 发布于湖北
- 举报
Principals of Information Security, Fourth Edition - …
* Transfer Transfer is the control approach that attempts to shift the risk to other assets, other processes, or other organizations. If an organization does not already have quality security management and administration experience, it should hire individuals or firms that provide such expertise. This allows the organization to transfer the risk associated with the management of these complex systems to another organization with established experience in dealing with those risks. * Mitigation Mitigation is the control approach that attempts to reduce the impact caused by the exploitation of vulnerability through planning and preparation. This approach includes three types of plans: disaster recovery planning (DRP), business continuity planning (BCP), and incident response planning (IRP). Mitigation begins with the early detection that an attack is in progress. The most common of the mitigation procedures is the disaster recovery plan. The DRP includes the entire spectrum of activities to recover from an incident. The DRP can include strategies to limit losses before and during the disaster. DRPs usually include all preparations for the recovery process, strategies to limit losses during the disaster, and detailed steps to follow when the disaster has ended. The actions an organization can and perhaps should take while the incident is in progress should be defined in a document referred to as the incident response plan or IRP. The IRP provides answers to questions victims might pose in the midst of a disaster. It answers the questions: What do I do NOW?! What should the administrators do first? Who should they contact? What should they document? DRP and IRP planning overlap to a degree. In many regards, the DRP is the subsection of the IRP that covers disastrous events. While some DRP and IRP decisions and actions are the same, their urgency and results can differ dramatically. The DRP focuses more on preparations completed before and actions taken
您可能关注的文档
- jgjt98-2010_砌筑砂浆配合比设计规程讲义(东锦内部培训课件)_ppt.ppt
- JTT 527-2004《路面沥青改性材料 苯乙烯-丁二烯橡胶(SBR1502)》[方案].ppt
- led灯具外观考验标准[最新].doc
- Lysbilde 1 - Kristiansund og omegn vekst - en ….ppt
- MANAGERIAL ECONOMICS 11th Edition - Cameron ….ppt
- MANAGERIAL ECONOMICS 11th Edition - ….ppt
- Myers’ PSYCHOLOGY (6th Ed).ppt
- nu cell微整形系统微产品培训手册.docx
- OHSAS 18001_2007(英韩).doc
- Parallel High Throughput WLR Testing for Advanced ….ppt
最近下载
- 2026年新能源大数据行业数据安全报告.docx VIP
- 春节加班奖励报告通知模板.docx VIP
- T_SXCAS 043-2025 公路路面基层煤矸石细集料应用技术标准.docx VIP
- DB61_T 2005-2025 道路多孔水泥混凝土路面施工技术规范.docx VIP
- DB11_T 1322.81-2025 安全生产等级评定技术规范 第81部分:歌舞娱乐场所.pdf VIP
- DB51_T 3317-2025 高寒草地生态修复碳汇核算技术规范.pdf VIP
- DB51_T 3312-2025 四川省斜坡地质灾害隐患风险详查技术指南.pdf VIP
- DB51_T 2192-2025 中小型机场空管设施防雷装置检测技术规范.pdf VIP
- 天津市专业技术人员继续教育公需课党的十九届四中全会精神解读答案样本.pdf VIP
- DB37_T 4934-2025 海水入侵灾害预警技术规程.pdf VIP
原创力文档

文档评论(0)