Residual Risk Management for Online Banking Institutions


Question

An online banking institution is concerned that the breach of customer personal information will have a significant financial impact due to the need to notify and compensate customers whose personal information may have been compromised.

The institution determines that residual risk will always be too high and decides to:

Answers

A. Mitigate the impact by purchasing insurance.
B. Implement a circuit-level firewall.
C. Increase the resiliency of security measures in place.
D. Implement a real-time intrusion detection system.

Correct answer: A.

Explanations

Since residual risk will always be too high, the only practical solution is to mitigate the financial impact by purchasing insurance.

The online banking institution is concerned about the financial impact of a potential breach of customer personal information. Residual risk refers to the level of risk that remains after security controls have been implemented. In this case, the institution has determined that residual risk will always be too high, meaning that the likelihood of a breach occurring and the potential impact of such a breach are both considered unacceptable.

Option A, to mitigate the impact by purchasing insurance, is a valid approach to risk management. By purchasing insurance, the institution can transfer some of the financial risk associated with a breach to the insurance company. However, this does not address the underlying security issue and does not necessarily reduce the residual risk.

Option B, to implement a circuit-level firewall, is a technical control that can help to protect the network from unauthorized access. However, a firewall alone is not sufficient to mitigate the financial impact of a breach of customer personal information.

Option C, to increase the resiliency of security measures in place, is a valid approach to risk management. By increasing the resiliency of security measures, the institution can reduce the likelihood of a breach occurring and/or reduce the potential impact of a breach. This could include measures such as regular security assessments, security awareness training for employees, and the implementation of security controls such as access controls, encryption, and monitoring.

Option D, to implement a real-time intrusion detection system, is a technical control that can help to detect and respond to unauthorized access attempts. However, like option B, it does not directly address the financial impact of a breach of customer personal information.

Overall, option C is likely the best approach for the online banking institution to manage the risk of a breach of customer personal information. By increasing the resiliency of security measures in place, the institution can reduce the likelihood and potential impact of a breach. However, it is important to note that risk management is a continuous process, and the institution should regularly review and update its security measures to ensure they remain effective.