CompTIA Security+ SYO-401

Certification Training
9146 Learners
View Course Now!
33 Chapters +

Implementing Appropriate Risk Mitigation Strategies Tutorial

1 Implementing Appropriate Risk Mitigation Strategies

An organization has lot of highly confidential and sensitive data. To protect this data, it is important to use strategies and rules. Let’s learn how to implement appropriate risk mitigation strategies to secure your data by internal and external theft. After completing this lesson, you will be able to: • Comprehend risk mitigation strategies, • Implement appropriate risk mitigation strategies, and • Identify policies and procedures to prevent data loss and theft.

2 Risk Mitigation Strategies

In this topic, you will learn the Risk Mitigation Strategies. People who are planning for their businesses should always consider risk factors, and keep them on priority. This is as important as planning success strategies. You should consider the closest risk factor that can have impact on your business network. After you list down the risk factors affecting your business, think about the strategies that will help you in such situations. This is exactly what Risk Mitigation explains. It helps you with strategies that help you minimize or eliminate the risk factors. In addition to these strategies, we should have a brief sub objective to review some of these methods. These methods are not only the mitigation techniques, but also implementation of processes that enhance the effectiveness of mitigation. Let’s consider a scenario. The administrator of your department purchased a new router to replace an existing one. While replacing router, there was an unexpected network outage in one of the departments. The firewall that usually translates data from one network to another isn’t performing its task. What preventive measures could stop similar situations in future? The answer is to implement Change Management. This outage took place because there was no accurate testing, prior approval, or authorized means to minimize the outage or downtime process. Now, let us understand in detail, what is change management? The most common scenario with organizations is, greater the freedom for network security, higher are the chances of security breach. So, it is important to understand that while making changes in the security mechanism, you need a systematic approach. Here, systematic manner refers to extensive planning, testing, logging, auditing, and monitoring activities related to security controls and management. The accurate structuring will help you prevent unexpected changes that could interfere with network system. Also, it ensures the change will not cause a network outage.

3 Implementing Appropriate Risk Mitigation Strategies

Additionally, change management helps in tracking all the variables in an environment, and ensures they are thoroughly reviewed before allowing into the system. In this topic, you will learn about User Rights and Permission Reviews. When rights and permissions are not maintained, there is increased risk within the network. Users are created as, employees change roles, get promotions, leave the company, or new employees are hired. Each time a user’s role is changed, permissions and user rights also change. Every user is assigned with some privileges, and granted permissions to perform the given task. The user has privilege according to their work tasks and normal activities. Here, the ‘principle of least privilege’ applies. According to this principle, users should be granted only the level of access needed to accomplish their assigned work tasks, and for the shortest period. When this principle is violated, multiple rights and privileges are transferred to the user whose access is no longer acceptable, or were never supposed to be permitted. The main reason for violation of this principle is the incorrectly configured network environment, or if administrators fail to remove older privileges. A user is granted new privileges based on new job descriptions. In this topic, you will learn to identify policies and procedures to prevent data loss and theft.While designing the security infrastructure, it is important you address concerns of data loss or theft, and ensure that every employee adheres to the implemented security policies and procedures. As a System Administrator, it is your role to explain every employee the importance of policies and procedures they ought to follow to prevent data loss and theft. This would help reduce the risk of data theft from internal workers and external entities. For example, ensure that employees don’t use USB devices in any of the computers, or use several authentication methods before entering the server room. As discussed in previous topics, always have backup and restoration solutions to avoid data loss due to accident, oversight, malicious code, or intentional attack.

4 Identify Policies and Procedures to Prevent data Loss and Theft

While designing the security infrastructure, it is important you address concerns of data loss or theft, and ensure that every employee adheres to the implemented security policies and procedures. As a System Administrator, it is your role to explain every employee the importance of policies and procedures they ought to follow to prevent data loss and theft. This would help reduce the risk of data theft from internal workers and external entities. For example, ensure that employees don’t use USB devices in any of the computers, or use several authentication methods before entering the server room. As discussed in previous topics, always have backup and restoration solutions to avoid data loss due to accident, oversight, malicious code, or intentional attack One of the security controls that needs to be enforced is the technology control of Data Loss Prevention or DLP. Operating Systems and email systems possess such technology mechanisms, which can be implemented to prevent data from unauthorized systems, and loss of data from the company network. However, it is vital to enforce DLP with proper training and policies. Another key method to prevent data loss is on-device encryption. This ensures that data stored on the device is inaccessible even with the physical loss or theft. Detailed tracking and logging is used to monitor subjects that interact with data with a high level of sensitivity or value. Granular authentication limits the accounts with access to valuable data. This reduces the risk of exposure.

6 Summary

Let us summarize the topics covered in this lesson. • Risk mitigation provides strategies that help you minimize or eliminate the risk factors. • It is important to understand that while making changes in the security mechanism, you need a systematic approach. • Users should be granted only the required level of access. • While designing the security infrastructure, ensure that you address concerns of data loss or theft. • It is vital that you enforce DLP with proper training and policies. With this, we conclude the lesson, ‘Implementing Appropriate Risk Mitigation Strategies.’ The next lesson is, ‘How to Implement Basic Forensic Procedures.’

  • Disclaimer
  • PMP, PMI, PMBOK, CAPM, PgMP, PfMP, ACP, PBA, RMP, SP, and OPM3 are registered marks of the Project Management Institute, Inc.

We use cookies on this site for functional and analytical purposes. By using the site, you agree to be cookied and to our Terms of Use. Find out more

Request more information

For individuals
For business
Name*
Email*
Phone Number*
Your Message (Optional)

By proceeding, you agree to our Terms of Use and Privacy Policy

We are looking into your query.
Our consultants will get in touch with you soon.

A Simplilearn representative will get back to you in one business day.

First Name*
Last Name*
Email*
Phone Number*
Company*
Job Title*

By proceeding, you agree to our Terms of Use and Privacy Policy