A risk assessment, which is really a tool for risk management, is a method of identifying vulnerabilities and threats and assessing the possible impacts to determine where to implement security controls.After a risk assessment is carried out, the results are analyzed. Risk analysis is used to ensure that security is cost effective, relevant, timely, and responsive to threats.ide
A risk analysis has four main goals:.net
-
Identify assets and their value to the organization.debug
-
Identify vulnerabilities and threats.get
-
Quantify the probability and business impact of these potential threats.同步
-
Provide an economic balance between the impact of the threat and the cost of the countermeasure.博客
Risk analysis provides a cost/benefit comparison, which compares the annualized cost of controls to the potential cost of loss.it
剩餘內容請看本人公衆號debugeeker, 連接爲CISSP考試指南筆記:1.13 風險評估和分析io
本文同步分享在 博客「debugeeker」(CSDN)。
若有侵權,請聯繫 support@oschina.cn 刪除。
本文參與「OSC源創計劃」,歡迎正在閱讀的你也加入,一塊兒分享。class