RISK MITIGATION | COMPUTER FRAUD PROTECTION | FREE CYBERCRIME NOTES
In this article, we will discuss some points related to Computer Fraud Protection from the IIBF Examinations 2022.
It is of utmost importance that management tries to find the organization’s tolerance limit and try to create a business community program that will ensure that risk remains within the limits.
In this article, we will discuss some important controls of risk mitigation that you can include in your business community program.
The risk can be limited by installing different measures through which the adverse effects of potential events can be mitigated.
Role of mitigation controls in your life: Think about when you use an ATM machine to withdraw some cash. When you instruct the ATM machine about how much you want the cash and receive that exact amount, the amount withdrawn is noted on your statement correctly. All this happens because there is some set of mitigation controls that have been installed by the bank. These controls manage and track the disbursements of cash accurately.
Mitigation controls help in managing the risk by providing parallel control over the risks. There are a number of risk mitigation controls and some of them are more important than the others through which maximum value can be obtained by the implementation of these controls.
And some of the most important best mitigation controls, which are critical and effective are discussed below:
THE MOST IMPORTANT RISK MITIGATION CONTROLS
Some of the most important tools or controls to mitigate the risk are discussed, which are thought to be most beneficial for business:
Business Impact Analysis: One important control is business impact analysis which helps an organization manage and control its risk by conducting regular analyses of the potential impact of risks on the business. The things that should be kept in mind while doing this analysis are that it should be comprehensive and must be able to properly assess the criticality of a risk area so that proper attention can be given to it.
Recovery Strategy: Once you have properly analyzed the possible impacts of risks, you can take that analysis as a Foundation to implement the second control i.e recovery strategy. As the name suggests, this strategy is in regard to the action plan as to how quickly you will be needed to recover the business if the risk materializes. It must be fully implemented and seen that it has actually been validated because it is very much important that business get back on its track if it ever meets any downfall.
Recovery Plan. This task is to make a plan which lays out all the details about the steps and actions which will be needed to use the recovery strategy in case it comes to that. It is important because having only your recovery strategy in place will not do anything if you do not know how it will actually be implemented.
Recovery Exercises. Having made a strategy and a plan to implement, we must also have to perform the recovery process as a test. It provides not only as a way to stress test but also as a practice. It is very important to at least practice the strategy at least once as most of the organisations either don’t put enough effort into this part of risk mitigation or don’t do it at all.
Third-party Suppliers. This is important for some of the businesses only because it might not at all be an issue with some of the businesses while it could be critical for others. For businesses that are dependent on third-party suppliers on a critical level, their operations are also required to be as resilient as their suppliers.
Have a great strategy as well as a plan, but it is a fact that a chain is only as strong as its weakest link.
These are the five mitigation controls which a business should focus on while making the business continuity plan so that the risk remains within the tolerance level it has been set.
Having a recovery strategy & exercising this strategy are the main drivers of the success of the plan. They are basically the engine of the machine. It has always been seen that when businesses get into trouble, we usually don’t have any recovery strategy in place which could meet the needs that have been identified in business impact analysis.
It has also been noticed that the businesses which did have the strategy and plan but didn’t put any significant efforts to do the recovery exercises.
BEST PRACTICES AND LESSONS LEARNED
In this part, we will discuss what are the actions which are actually needed and how long or when they must be completed for this mitigation to actually work out.
Assume/Accept. In this action plan, users are brought into the impact categorisation so that they can select (after they have understood the impact of different risks) which risk’s consequences will be acceptable in terms of money and time.
Avoid. Employees are provided with any adjustments which will be needed to reduce their risk as well as the operational implications if they are avoided so that Ken properly understands the implications of their actions.
Control. Control is implemented by performing an analysis of the various options which are available for mitigation of risk. For example, one can always use the systems which are commercially available instead of developing one. It will have different considerations as one would need to take special care to assess the architectural changes needed in a commercially available system.
Transfer. Although accountability, responsibility, and authority for some of the risk areas can be transferred or assigned to other organizations they will also have their own risk. It will increase the dependency and there will be a loss of control.
Watch/Monitor. Once the business has identified a risk and put a plan in place, businesses usually have the tendency where they leave the risk areas to work on their own while they put their hands down. Instead of monitoring it, they leave it to be which might result in losing all the efforts that have been made so far.
So, it is important that if we have put efforts to make plans for a system to work out, you monitor it for its proper working too. Otherwise, all the efforts that have been made are for naught.
YOU MAY ALSO LIKE: