One of the ways of mitigating risk is to transfer the risk to another party, insurance is a form of risk transfer however the use of insurance can introduce a need for additional controls.
Most insurance policies require those taking them out to abide by a set of rules, in order to reduce the risk to the insurance company. Failure to keep to the terms and conditions of an insurance policy can make it invalid and it no longer covers the risk, which is reverted back to the orginal owner.
An example of this happening was reported in the New York Times when Golden State Bridge, was robbed of more than $125,000 when cybercriminals hacked into its bank account. The bank didn't cover the claims as the found the office manager had violated policy by visiting a social networking site, which it believed was how her computer was infected with malicious software, or “malware,” that antivirus software did not detect. This was sufficient to prevent the bank policy paying out.
When assessing risk, the risk mitigation process can introduce new vulnerabilities or increase the level of a vulnerability or the impact of a control mechanism which needs to be taken into account before final aaproval is given.
No comments:
Post a Comment