Evaluating and Enhancing Controls for New Threats | CRISC Exam Preparation

Mitigating New Risks: Steps for Project Managers


Question

You are the project manager of your enterprise.

You have identified new threats, and then evaluated the ability of existing controls to mitigate risk associated with new threats.

You noticed that the existing control is not efficient in mitigating these new risks.

What are the various steps you could take in this case? Each correct answer represents a complete solution.

(Choose three.)

Answers

A. Education of staff or business partners
B. Deployment of a threat-specific countermeasure
C. Modify the technical architecture
D. Apply more controls

Explanations

ABC.

As new threats are identified and prioritized in terms of impact, the first step is to evaluate the ability of existing controls to mitigate the risk associated with the new threats. If the existing controls do not work, then facilitate the:

-> Modification of the technical architecture
-> Deployment of a threat-specific countermeasure
-> Implementation of a compensating mechanism or process until mitigating controls are developed
-> Education of staff or business partners

Incorrect Answers:

D: Applying more controls is not a good solution. They usually complicate the condition.

As a project manager, if you have identified new threats and evaluated the ability of existing controls to mitigate risks associated with new threats, and you have noticed that the existing control is not efficient in mitigating these new risks, then you may need to take the following steps:

A. Education of staff or business partners: Providing education to staff or business partners about the new risks and how to mitigate them can help to prevent potential risks from occurring in the first place. For example, if the new threat is related to phishing attacks, then providing education on how to identify and avoid phishing emails could be an effective solution.

B. Deployment of a threat-specific countermeasure: Deploying a countermeasure that is specifically designed to address the new threat can be an effective solution. For example, if the new threat is related to malware, then deploying anti-malware software could be an effective solution.

C. Modify the technical architecture: Modifying the technical architecture can be an effective solution if the existing control is not efficient in mitigating the new risks. For example, if the new threat is related to network security, then modifying the network infrastructure by adding firewalls or intrusion detection systems could be an effective solution.

D. Apply more controls: Applying more controls can be an effective solution if the existing control is not efficient in mitigating the new risks. For example, if the new threat is related to data security, then applying more data security controls such as access controls, encryption, and data loss prevention (DLP) can be an effective solution.

In summary, the three possible steps that a project manager can take in the scenario where the existing control is not efficient in mitigating new risks are providing education, deploying threat-specific countermeasures, and modifying the technical architecture. The appropriate step to take will depend on the nature of the new threat and the existing control in place.