Memberships

CISSP Study Group

Public • 963 • Free

4 contributions to CISSP Study Group
Difference between Risk Avoidance and Risk Acceptance and when to use it.
Hey everyone. Can someone please explain the difference in Risk Avoidance and Risk Acceptance and when should I use one or the other?
Risk acceptance is when you acknowledge the risk and potential consequences, but don't take any action to address it (avoid, limit, mitigate, transfer, etc.). Risk avoidance is taking action to completely eliminate risk. In the example of PCI DSS, if you process cardholder data (CHD) inside your organization's systems (i.e. accept it on a form via fax (not a good practice, don't do this)), you hold some level of risk in handling CHD. You can choose to accept the risk OR you can outsource handling of CHD to another organization, like PayPal or Stripe. By outsourcing (or transferring) the handling of the CHD, your organization avoids the risk because the data never hits your technology.
Introductions
Welcome to the group! Please share what you hope to gain from being here, and for fun tell us the best piece of advice you've ever received.
Hi Everyone! I am a new featured instructor here in the study group. I am slowly ramping up, and you will see more of me in the new year. I have 7+ years experience in Information Security, focusing on governance, risk, and compliance. My passion is human risk management and security awareness. My academic background includes a bachelor's in computer security and a master's in education. So I know what and why (InfoSec), and when and how (edu) to train and teach. I currently offer consultative and contract services in the GRC, security awareness, and technical writing spaces. Personally, I have 4 babies (2 cats, 1 dog, 1 human). My little one is just about 6 months old. I have recently left my 9-5 job to find work more flexible to my responsibilities as a wife and a mother. I look forward to getting to know everyone and providing productive study sessions and resources. Check me out on https://www.linkedin.com/in/marisa-tranchitella/ and https://medium.com/@m.tranchitellafoltz
11/14/24 Study Group Slides
For those who attended today's study group - here is a PDF of the slides. For anyone who didn't attend today, the topic was Human Risk Management, and the slides are linked as a PDF.
@Adam Waring I am still working out my schedule with Vincent and against my child care situation. I will be transitioning to be a regular featured instructor by the new year.
Practice Question!
A large financial institution discovers unusual network traffic patterns at 2 AM. Initial investigation reveals encrypted data being transferred from a server containing customer financial records to an unknown external IP address. The CISO is immediately notified. System logs indicate that the suspicious activity originated from a privileged account belonging to a recently terminated system administrator. The account was supposed to have been disabled during off-boarding last week. What should be the FIRST priority for the incident response team?
Poll
44 members have voted
@Chitra Lakshmi kali The suspicious activity originated from that account, but the language may lead us to also infer other accounts may be compromised, so shut all pathways in/out to prevent further data loss. You can lock the front door, but the garage door left unlocked can still cause an issue. Another metaphor: you stop the leak by shutting the water off first instead of trying to patch the pipe first.
Marisa Tranchitella Foltz
@marisa-tranchitella-foltz-6279
Human Risk Management Specialist | GRC Analyst | MS Ed
Recently left my corporate job in search of something more flexible for mom life...

Active 4d ago
Joined Nov 1, 2024