RISK POLICY

Risk Policy

Risk Policy

An accident can be defined as "any unplaneed, uncontrolled, unwanted, or undesirable event, or sudden mishap that interrupts an activity or function." Every year, fatalities occur and many more injuries occurred as a direct result of accidents at work. Accidents at workplace do not happen by chance. It is usually a case of negligence on the part of employees or the part of management in not taking taking proactive measures to prevent accidents. The outcomes of accidents are injuries to employees or damage to equipment. Whatever the outcome, there are bound to be negative effects in the form of injuries, damages and the emotional or psychological stress suffered by employees attributed to such happenings (Peled 2000 63). Clearly, there are humanitarian, legal and economic grounds for providing a safe and system at work.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document.

Defense-in-depth is a multilayered approach that applies multiple strategies to protect resources from external and internal threats. Sometimes referred to as security-in-depth or multilayered security, defense-in-depth is a term used to describe the layering of security countermeasures to form a cohesive security environment. The deployment of a defense-in-depth strategy includes protective measures all the way from your external routers through to the location of your resources and at all points in between.

Deploying multiple layers of security helps ensure that if one layer is compromised, the other layers will provide the security needed to protect your resources. For example, compromising an organization's firewall should not provide an attacker unfettered access to the organization's most sensitive data. Ideally, each layer should provide different forms of countermeasures to prevent the same exploit method from being used at multiple layers (William et al 1999 58-96).

The process of designing security architecture consists of a number of important steps. If any of these steps are missed or incomplete, the security design may not meet the expectations or even the requirements of the organization.

The security architecture design process may be straightforward or complex, depending on the scenario requirements. The “Wingtip Toys” example has been created to illustrate steps in the assessment and design process for the security architecture. For more information about this example, refer to the Network Architecture Blueprint. The remainder of this section identifies and references the fictional organization Wingtip Toys to illustrate how process and technology can be used to mitigate the risks of data compromise when a system is designed or implemented.

The portrayal of change in elite cultures appears to have a strong top down flavor to it. Change tends to be viewed from the perspective of the ...