Computer Security: Principles and Practice, 1/e



ch14(1)

                                        Minor   Insignificant

Almost Certain  E     E     E     E     H       H
Likely          E     E     E     H     H       M
Possible        E     E     E     H     M       L
Unlikely        E     E     H     M     L       L
Rare            E     H     H     M     L       L

Risk Level    Description

Extreme (E)   Will require detailed research and management planning at an executive/director level. Ongoing planning and monitoring will be required with regular reviews. Substantial adjustment of controls to manage the risk is expected, with costs possibly exceeding original forecasts.

High (H)      Requires management attention, but management and planning can be left to senior project or team leaders. Ongoing planning and monitoring with regular reviews are likely, though adjustment of controls is likely to be met from within existing resources.

Medium (M)    Can be managed by existing specific monitoring and response procedures. Management by employees is suitable with appropriate monitoring and reviews.

Low (L)       Can be managed through routine procedures.


Document in Risk Register and Evaluate Risks

Risk Treatment

Risk Treatment Alternatives

  • risk acceptance: accept risk (perhaps because of excessive cost of risk treatment)
  • risk avoidance: do not proceed with the activity that causes the risk (loss of convenience)
  • risk transfer: buy insurance; outsource
  • reduce consequence: modify the uses of an asset to reduce risk impact (e.g., offsite backup)
  • reduce likelihood: implement suitable controls
