A risk assessment, which is really a tool for risk management, is a method of identifying vulnerabilities and threats and assessing the possible impacts to determine where to implement security controls.After a risk assessment is carried out, the results are analyzed. Risk analysis is used to ensure that security is cost effective, relevant, timely, and responsive to threats.ide
A risk analysis has four main goals:.net
-
Identify assets and their value to the organization.debug
-
Identify vulnerabilities and threats.get
-
Quantify the probability and business impact of these potential threats.同步
-
Provide an economic balance between the impact of the threat and the cost of the countermeasure.博客
Risk analysis provides a cost/benefit comparison, which compares the annualized cost of controls to the potential cost of loss.it
剩余内容请看本人公众号debugeeker, 连接为CISSP考试指南笔记:1.13 风险评估和分析io
本文同步分享在 博客“debugeeker”(CSDN)。
若有侵权,请联系 support@oschina.cn 删除。
本文参与“OSC源创计划”,欢迎正在阅读的你也加入,一块儿分享。class