3. Risk reduction actions

Once risk analysis methods have highlighted the vulnerabilities of the information system, the next step is to find solutions that will reduce the risk to an acceptable level. This chapter presents some of these solutions.

3.1 Nature of possible actions

Depending on the stage at which they intervene in the evolution of the threat, risk reduction actions can be prevention, detection, correction or recovery.

Prevention deals with measures to be taken to avoid a disaster. For example:
- raising awareness (among legitimate users) ;
- deterrence (e.g. a tattoo covering the body of a message with an indelible electronic watermark);...

You do not have access to this resource.

Exclusive to subscribers. 97% yet to be discovered!

You do not have access to this resource. Click here to request your free trial access!

Already subscribed? Log in!

Ongoing reading
Risk reduction actions

Previous
page Information system methodologies

Standards and certification

Article included in this offer

"Security of information systems"

( 86 articles )

Complete knowledge base

Updated and enriched with articles validated by our scientific committees

Services

A set of exclusive tools to complement the resources

View offer details

Bibliography

(1) - FOVINO (I.), MASERA (M.), DE CIAN (A.) - Integrating cyber attacks within fault trees. Reliability Engineering and System Safety, - Elsevier, p. 94 (2009).
(2) - STEINER (M.), LIGGESMEYER (P.) - Combination of safety and security analysis....

You do not have access to this resource.

Exclusive to subscribers. 97% yet to be discovered!

You do not have access to this resource. Click here to request your free trial access!

Already subscribed? Log in!