Threat Mitigation
The process of lessening the impact of an attack by isolating or containing a threat until a remedy is found can be referred to as mitigation. Mitigation requires planning to identify options and ways of reducing threats so that the set goal is attained. Mitigating the risk of vulnerabilities is a stage of the business continuity and disaster recovery process, and it follows the business impact analysis stage. Mitigation is usually attained in four different ways: accepting the vulnerability, applying standard mitigation, redesigning to eliminate the vulnerability, and inventing new mitigation. Each of these options has its advantages and disadvantages.
The first mitigation option is redesigning to eliminate the vulnerability. Redesigning is done to avoid a high-probability, high-impact risk that could damage the software and lead to financial loss. Risk avoidance has various pros and cons. It may be the safest option, since money and time are invested in ruling out the software's exposure to any hazardous scenario. The disadvantage is that this level of security comes at a price, because risk avoidance measures are expensive. Avoiding risk to this standard requires a substantial monetary investment (Tran, Childerhouse & Deakins, 2016). Averting data loss has a price: a redundant data system. Personnel shut down systems and transport them to a different location when a disaster such as a hurricane is predicted or foreseen. The cost incurred in mitigating risk this way is generally high, but worth it.
The second option is the application of standard mitigation. This can also be referred to as risk limitation, and it is the most common mitigation strategy. A company takes a specific action to address a perceived risk, thereby regulating its exposure to vulnerabilities. Risk limitation involves some degree of both accepting and avoiding risk. An example of standard mitigation is backing up the data on a computer system daily in case of an attack. One advantage of risk limitation is that it strikes a healthy balance between risk avoidance and risk acceptance. These are common procedures, or rather standard mitigation processes, such as firewall implementation and data safety measures, among others. The disadvantages include the cost of implementing these standard mitigation procedures, although that cost does not exceed the overall impact of the risk itself.
The third option is the invention of new mitigation. If the existing mitigations are not effective, inventing further mitigation could be a good idea. Risks that have a low probability of happening but would have a sizeable financial impact also have to be mitigated by sharing, transferring, or adopting new mitigation (Zarreh, Wan, Lee, Saygin & Al Janahi, 2019). Examples include outsourcing, purchasing insurance, and creating partnerships. Inventing new mitigation extends to the company's operations such as order processing, customer support, and payroll activities like tax calculations, appraisals, and salaries, among others. One advantage is that contracted experts who provide a specialized service allow the company to realize its resiliency objectives. The disadvantage is that a third-party vendor is given the authority to mitigate specific risks on the company's behalf, and that vendor may not be genuine or may provide wrong information.
The fourth option is accepting the vulnerability. In some cases the cost of tolerating a risk is lower than the cost of mitigating it. In such a scenario it is wise to accept the risk and monitor it carefully. Accepting the vulnerability is not a risk mitigation approach in the real sense, since it does not stop a threat from acting on the systems. Because the other mitigation strategies used in managing risk incur high expenses, companies accept some risks as occupational hazards. The advantages of accepting vulnerabilities or risks depend on each company's reasoning. The consequence of an accepted risk is determined by a combination of its probability and its intensity. Generally, acceptance saves the company a lot of money that would otherwise be spent on mitigating the risk. The disadvantage is that the cost benefit only lasts as long as no incident disrupts the business or the systems at large.
SDLC
The Software Development Life Cycle (SDLC) can be defined as a process that defines the stages involved in developing and delivering a high-quality software product. These stages cover the complete life cycle of the software, from the product's inception to its retirement. The SDLC aims to provide high-quality products that meet the customer's requirements. The phases of the SDLC include requirement gathering, designing, coding, testing, and maintenance (Singh & Kaur, 2019). The stage of the SDLC that requires mitigation techniques is the design phase. During the design phase, the privacy and security requirements need to be carefully reviewed, including what is expected when identifying privacy and security risks.
The process of identifying and addressing these concerns and risks consists of several steps that have to be followed. The first step is identifying assets, which iterates through the system's capabilities and assets. All possible security threats should be recognized for every security service on each capability. The second step is identifying vulnerabilities; here, enterprise risk management is a subset of a security assessment or security vulnerability analysis. In this step, vulnerabilities in the software environment, or those arising from the software's interaction with other systems, are identified. The third step is risk assessment. After a risk has been identified, it is assessed and matched to its potential impact and the probability of its occurrence.
The impact may be easy to measure or hard to quantify; therefore, it is good to make informed assumptions and decisions when prioritizing the implementation of the risk management plan. The fifth step is risk mitigation, in which a plan is implemented to reduce or eliminate the risk and its impact. The mitigation plan describes a series of actions that aim to mitigate the risks and assigns a person on the ground to take up the role. This is where the four risk mitigation options are applicable: accepting the vulnerability, applying standard mitigation, redesigning to get rid of the vulnerability, and inventing new mitigation.
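As an added illustration that is not part of the essay, the Python below carries these steps through for a constructed risk register: each risk's expected loss is its probability times its impact, risks are prioritized by that figure, and the essay's four mitigation options are compared by option cost plus residual expected loss, with acceptance as the zero-cost baseline. The asset names, vulnerability descriptions, probabilities, impacts and costs are constructed sample values.

```python
# Added example (not from the essay): a small risk register implementing the
# identify -> assess -> prioritize -> choose-mitigation steps described above.
# All probabilities, impacts and costs are constructed sample values.
from dataclasses import dataclass, field


@dataclass
class Option:
    name: str               # accept, standard, redesign or invent
    cost: float             # cost of applying the option
    residual_prob: float    # probability of occurrence after the option
    residual_impact: float  # financial impact if it still occurs

    def expected_cost(self) -> float:
        # Total cost the company bears if it picks this option.
        return self.cost + self.residual_prob * self.residual_impact


@dataclass
class Risk:
    asset: str
    vulnerability: str
    probability: float      # likelihood of exploitation over the period, 0..1
    impact: float           # financial loss if exploited
    options: list = field(default_factory=list)

    def expected_loss(self) -> float:
        # Step 3: impact combined with probability of occurrence.
        return self.probability * self.impact

    def best_option(self) -> Option:
        # "Accept" is always available: no cost, no reduction in the risk.
        accept = Option("accept", 0.0, self.probability, self.impact)
        return min([accept] + self.options, key=Option.expected_cost)


def prioritise(register):
    """Order risks by expected loss, highest first, for plan implementation."""
    return sorted(register, key=Risk.expected_loss, reverse=True)


# Constructed sample register (hypothetical assets and figures).
REGISTER = [
    Risk("order processing", "injection flaw in search form", 0.30, 200_000.0, [
        Option("standard", 5_000.0, 0.05, 200_000.0),   # parameterised queries + WAF
        Option("redesign", 40_000.0, 0.01, 200_000.0),  # rewrite the data layer
    ]),
    Risk("payroll", "unpatched file server", 0.10, 50_000.0, [
        Option("standard", 8_000.0, 0.02, 50_000.0),    # patch management
        Option("invent", 12_000.0, 0.01, 50_000.0),     # contracted managed service
    ]),
    Risk("marketing site", "outdated CMS plugin", 0.50, 2_000.0, [
        Option("standard", 3_000.0, 0.05, 2_000.0),
    ]),
]
```

For the constructed register, the order-processing risk is handled with standard mitigation, while the payroll and marketing-site risks are cheaper to accept and monitor than to mitigate.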
In conclusion, not all vulnerability mitigation strategies are expensive. Some are cost-effective, which is why each company needs to choose its own strategy. Avoiding risk has manifold long-term benefits, especially for companies that wish to safeguard their mission systems and critical data. Limiting risk through standard mitigation is the approach most companies use, since it offers a balanced way of dealing with impactful attacks. Risk transfer is a feasible option for commercial companies that lack the time and expertise to develop in-house mitigation strategies. To ensure business continuity, a third-party vendor should be available to own and take responsibility for the risk.

References
Tran, T. T. H., Childerhouse, P., & Deakins, E. (2016). Supply chain information sharing: challenges and risk mitigation strategies. Journal of Manufacturing Technology Management.
Zarreh, A., Wan, H., Lee, Y., Saygin, C., & Al Janahi, R. (2019). Risk Assessment for Cyber Security of Manufacturing Systems: A Game Theory Approach. Procedia Manufacturing, 38, 605-612.
Singh, A., & Kaur, P. J. (2019). Analysis of software development life cycle models. In Proceeding of the Second International Conference on Microelectronics, Computing & Communication Systems (MCCS 2017) (pp. 689-699). Springer, Singapore.