Français
3. Risk reduction actions
Once risk analysis methods have highlighted the vulnerabilities of the information system, the next step is to find solutions that will reduce the risk to an acceptable level. This chapter presents some of these solutions.
3.1 Nature of possible actions
Depending on the stage at which they intervene in the evolution of the threat, risk reduction actions can be prevention, detection, correction or recovery.
-
Prevention deals with measures to be taken to avoid a disaster. For example:
raising awareness (among legitimate users) ;
deterrence (e.g. a tattoo covering the body of a message with an indelible electronic watermark);...
The Ultimate Scientific and Technical Reference
This article is included in
Security of information systems
This offer includes:
Knowledge Base
Updated and enriched with articles validated by our scientific committees
Services
A set of exclusive tools to complement the resources
Practical Path
Operational and didactic, to guarantee the acquisition of transversal skills
Doc & Quiz
Interactive articles with quizzes, for constructive reading
Risk reduction actions
Standards and certification
Bibliography
Websites
CLUSIF – French information systems security club
AFAI – French IT audit and consulting association
ANSSI – Agence nationale de la sécurité des systèmes d'information (French...
Standards and norms
- Risk management – Vocabulary – Guidelines for use in standards - ISO 73 Guide ISO 7312-09 -
- Information Technology – Safety technology – Information security management systems –Requirements - ISO CEI 27001-22 -
- Information Technology – Safety technology – Code of practice for information security management - ISO CEI 27002-22 -
- Information Technology – Safety technology – Guidelines for...
The Ultimate Scientific and Technical Reference
