From the course: Cloud Security Operations by Pearson
Risk treatment
This lesson is a review; however, it does show up again under the subjective, so let's make sure we have it down. Let's look at risk treatment or handling, otherwise known as risk appetite, the first element being risk acceptance. Here the decision makers will not implement any safeguards or controls to decrease residual risk, or the controls considered might not provide adequate return on investment. With risk acceptance, the level of risk is deemed tolerable by the controllers or custodians with approval of the steering committee or C-suite or C-team. Justification in writing or in person is often required, for acceptance, from a security engineer or security architect.

Next we have risk avoidance. This consists of deciding not to carry out actions or programs that introduce risk or raise vulnerability to an unacceptable level. A cloud consumer might decide not to put data in certain regions or not even upload certain types of data at all in accordance with GDPR. The customer may…
Contents
- Conflicting international legislation (8m 27s)
- Ediscovery and forensics (3m 56s)
- Issues with PHI and PII in the cloud (2m 45s)
- Standard privacy requirements (2m 25s)
- Privacy impact assessments (PIAs) (2m 38s)
- Risk treatment (3m 47s)
- Provider risk assessment programs (3m 13s)
- Regulatory transparency requirements (3m 11s)