
56 CHAPTER 3 The Risk Management Lifecycle

MITIGATION PLANNING AND LONG-TERM STRATEGY

Once you have gotten to this stage, the assumption is that you have already decided, in the risk evaluation stage, how you want to address the risk at a high level (that is, accepting, mitigating, transferring, or avoiding the risk, and so on), and that you have documented your decision in step 4: Documentation. Any of these decisions is going to involve some activity to implement and possibly further flesh out that plan, with avoidance requiring the least planning. The ability to identify the most appropriate mitigation steps for a given risk is a skill that can make or break your security program. It is crucial to find the right mix of controls, both technical and nontechnical, to reduce the likelihood of occurrence or limit the effects enough to be acceptable without putting any undue burden on the organization. This is definitely the time to be creative and think outside the box!

Risk Mitigation

There are many options for mitigating a risk, and again the focus is not always on trying to eliminate the risk, but rather to reduce the risk exposure to an acceptable level. To mitigate a risk, you either have to

1. reduce the likelihood of occurrence, or
2. limit the severity of the impact, or
3. decrease the sensitivity of the resource.

The first two choices are the most common, but in some cases, it may be possible to change the sensitivity of the resource. For example, imagine a Web server in your DMZ with credit card numbers and client names on it. Just by removing the credit card numbers from that server and placing them on an internally protected database tier instead, you could reduce the sensitivity of that Web server significantly without addressing any vulnerabilities or threats. Another option for this example might be to reduce the threat universe by implementing firewall rules to limit source networks that are allowed to connect to the Web server.

Again, this option would not limit the severity of the exposure or change the sensitivity of the Web server, but it would reduce the likelihood of abuse by reducing the number of entities who can access the server. There are many other examples of how to reduce the threat universe, for example, implementing authentication controls to limit access to a smaller user community.

To limit the severity of an exploit, you need to somehow contain the potential compromise. This approach to risk mitigation recognizes that you can't necessarily prevent the exploit, but you can limit the scope or quickly react to prevent further escalation. Most controls in this category will be detective and recovery focused. An active alert triggered from a log file that detects brute forcing of user account passwords may be too late to prevent someone from compromising a single account, but you may be able to quickly disable the account before any damage is done or the attacker is able to move to another system. Another typical example is limiting the
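The detective-and-recovery control described above, as an added example that is not from the book: a per-account sliding-window detector over constructed sshd-style log lines, paired with a caller-supplied hook that stands in for the account-disable step. The log lines, the threshold and window, and the `disable_account` hook are all assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd-style sample log (not from any real system): five rapid
# failures on one account, then a success; two isolated failures on another.
SAMPLE_LOG = """\
2024-03-01T10:00:01 sshd[101]: Failed password for jsmith from 203.0.113.5 port 50111 ssh2
2024-03-01T10:00:03 sshd[101]: Failed password for jsmith from 203.0.113.5 port 50112 ssh2
2024-03-01T10:00:04 sshd[101]: Failed password for jsmith from 203.0.113.5 port 50113 ssh2
2024-03-01T10:00:06 sshd[101]: Failed password for jsmith from 203.0.113.5 port 50114 ssh2
2024-03-01T10:00:07 sshd[101]: Failed password for jsmith from 203.0.113.5 port 50115 ssh2
2024-03-01T10:00:09 sshd[101]: Accepted password for jsmith from 203.0.113.5 port 50116 ssh2
2024-03-01T10:05:00 sshd[102]: Failed password for mlee from 198.51.100.7 port 40001 ssh2
2024-03-01T10:20:00 sshd[102]: Failed password for mlee from 198.51.100.7 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def detect_brute_force(log_text, threshold=5, window=timedelta(minutes=1)):
    """Map each account whose failures within `window` reach `threshold` to the
    time the threshold was crossed. Per-account sliding window, so slow, spaced
    failures (mlee) do not alert while a rapid burst (jsmith) does."""
    recent = defaultdict(deque)  # user -> timestamps of failures still in window
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["result"] != "Failed":
            continue
        ts, user = datetime.fromisoformat(m["ts"]), m["user"]
        q = recent[user]
        q.append(ts)
        while ts - q[0] > window:  # expire failures older than the window
            q.popleft()
        if len(q) >= threshold and user not in flagged:
            flagged[user] = ts  # first crossing: the moment to act
    return flagged

def contain(flagged, disable_account):
    """Limit severity: the account is already under attack (and in the sample
    already compromised at 10:00:09), so disable it before it becomes a foothold.
    `disable_account` is a hypothetical hook for the real IdM/directory call."""
    return [disable_account(user) for user in sorted(flagged)]

if __name__ == "__main__":
    print(contain(detect_brute_force(SAMPLE_LOG), lambda u: f"disabled {u}"))
```

Note that the alert fires at 10:00:07 while the successful login in the sample is at 10:00:09: detection cannot undo the failed attempts, which is exactly why the disable step, not the alert, is the control that limits severity.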