Risk Response Types

  • Risk avoidance: shutting down servers when a virus infection is suspected
  • Risk transfer: hardware insurance against theft, loss and fire damage
  • Risk acceptance: let employees receive private emails in company accounts
  • Risk mitigation: implement multi-factor authentication to protect trade secrets

Types of Risk Assessment

  1. Qualitative
    • The financial officer’s estimate that password scanning attacks are highly probable.
    • The IT manager’s opinion on what impact a flood would have on the server room.
  2. Quantitative
    • The cost to the company of being offline for one day / of its servers being offline for one day.
    • The expected total number of DDoS attacks per year.