- 1、本文档共85页,可阅读全部内容。
- 2、有哪些信誉好的足球投注网站(book118)网站文档一经付费(服务费),不意味着购买了该文档的版权,仅供个人/单位学习、研究之用,不得用于商业用途,未经授权,严禁复制、发行、汇编、翻译或者网络传播等,侵权必究。
- 3、本站所有内容均由合作方或网友上传,本站不对文档的完整性、权威性及其观点立场正确性做任何保证或承诺!文档内容仅供研究参考,付费前请自行鉴别。如您付费,意味着您自己接受本站规则且自行承担风险,本站不退款、不进行额外附加服务;查看《如何避免下载的几个坑》。如果您已付费下载过本站文档,您可以点击 这里二次下载。
- 4、如文档侵犯商业秘密、侵犯著作权、侵犯人身权等,请点击“版权申诉”(推荐),也可以打举报电话:400-050-0827(电话支持时间:9:00-18:30)。
查看更多
Risk Assessment Components By communicating a consistent structure for evaluating the components of risk, digital asset owners and OTG have a common taxonomy to track the progress and contribute to the evaluation process. It is important to note that many stakeholders are required to sufficiently address each component. This is especially true for the more subjective areas of business impact costs, the likelihood of vulnerabilities occurring, and the larger cost/benefit analysis to evaluate new control solutions. Stakeholders can include risk management experts who are involved in calculating risk, security analysts who know specific vulnerabilities and threat probabilities, data owners who know the value of the digital assets under consideration, and security architects and engineers who can identify potential security controls to mitigate risk. Risk assessment for the IPsec project looked like the following: ? Asset: Protecting digital assets in the Highest Value and High Value data classes. ? Threat: Unauthorized access, compromise of data integrity “over the wire,” and information gathering that may lead to an expanded attack. ? Impact: Microsoft suffers lost revenue and reputation from stolen or damaged data and intellectual property. ? Vulnerability: Attacks may occur from network-level threats such as buffer overflow attacks, exploit of unpatched vulnerabilities, and exploit of system misconfiguration. Hackers could also introduce worms that infect unmanaged computers, which in turn could infect managed computers. ? Controls: Antivirus software, screening routers and firewalls, patch management, centrally managed security configurations, and other measures. ? Probability: High. Attacks have occurred and will likely happen again. ? Current Level of risk: There is a medium to high probability that within the next year, a successful attack will occur that could compromise the High Value and/or Highest Value data class. * * * 制定评估计划 评估计划分年度计划和具体的实施计划,前者通常是评估
您可能关注的文档
- 信息化在企业中定位V.ppt
- 信息化构建方案.doc
- 信息化管理在公路养护中的实践应用——以上海隧桥为例.doc
- 信息化融合安全分析海尔SCMERPCRM集成.ppt
- 信息化试点建设实施方案模板职校原方案.doc
- 信息化项目及进度管理培训讲义(定稿).doc
- 信息和知识资源.ppt
- 信息安全DES原理与应用介绍.ppt
- 信息安全嵌入式开发操作系统实训室谈判文件.doc
- 信息安全意识培训全体员工.ppt
- 2.2.1风蚀地貌公开课教案教学设计课件资料.pptx
- 15教学阅读公开课教案教学设计课件资料.doc
- 17十七、DNA的半保留复制公开课教案教学设计课件资料.pptx
- 考点38 自然保护区建设与生态安全公开课教案教学设计课件资料.doc
- 3科学试卷公开课教案教学设计课件资料.doc
- 光现象公开课教案教学设计课件资料.docx
- 第一部分 第七章 课时43 地质灾害公开课教案教学设计课件资料.docx
- 核心素养综合练3 区域认知公开课教案教学设计课件资料.doc
- 4.4国际合作教学设计2023-2024学年人教版(2019)高中地理选择性必修2公开课教案教学设计.docx
- 2.1.3滑坡、泥石流课件公开课教案教学设计课件资料.pptx
文档评论(0)