COEN 250
Risk Management
Risk Management consists of
Risk Assessment
Risk Mitigation
Risk Evaluation and Assessment
Output:
List of current or planned controls
Risk Assessment
Step 5: Likelihood determination
Governing factors
Threat source motivation and capability
Nature of vulnerability
Loss of confidentiality
Risk Assessment
Step 6: Impact Analysis
Can be done quantitatively or qualitatively
Risk Assessment
Step 7: Risk determination
Risk Level Matrix
Composed of threat likelihood and impact
Determines risk scale
Risk Scale
Used to determine and prioritize activities
Risk Assessment
Control Recommendations
Reduce risks to data and systems to an acceptable level
Base evaluation on
Effectiveness
Legislation and regulation
Organizational policy
Operational impact
Safety and reliability
Perform cost-benefit analysis
Risk Assessment
Step 9: Result Documentation
Risk assessment report
Describes threats and vulnerabilities
Measures risk