Risk assessment is one of four steps in the risk management process agencies should undertake in securing their computer networks, says the National Institute of Standards and Technology. 19 a draft publication meant to guide agencies in performing risk assessments, stating that it will accept public comment through Nov. A risk assessment should include an explicit risk model, an assessment approach, and an analysis approach, the draft document states.

The assessment approach can be carried out in one of three ways, the draft says: quantitatively, qualitatively, or semi-quantitatively. Each has its advantages and disadvantages, and the preferred approach will depend on organizational culture and attitudes toward uncertainty and risk communication, the draft says. A qualitative assessment that assigns non-numerical categories, from "very low risk" to "very high risk," may be good at communicating assessment results, the draft says, but it makes the relative prioritization of risks difficult. A quantitative assessment best supports cost-benefit analysis of alternative risk responses, the draft says, but it adds that the meaning of quantitative results may not always be clear and may require a qualitative interpretation.

The draft also recognizes three organizational levels at which risk assessment can be applied: organizationwide, mission and business processes, and information systems. Information systems are the lowest tier, where risk is tactical; the organization tier is the first, and risk there is strategic.

Each analysis orientation can potentially overlook risks, the draft says, so performing two analyses improves rigor and effectiveness. For example, a key server being taken offline is a threat event, but its sources can be as diverse as a denial-of-service attack and a power failure.
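To make the trade-off between the three assessment approaches concrete, the following is an added example, not code from the draft or from the article, that scores a constructed four-item risk register quantitatively, semi-quantitatively and qualitatively. The thresholds, dollar figures, likelihoods and the control cost are hypothetical. It shows the two effects the draft describes: qualitative bins tie risks that quantitative figures separate (and can rank a rare, very costly event below a frequent cheap one), and only quantitative figures let a control's annual cost be compared against the loss it avoids.

```python
"""Added example: one constructed risk register scored three ways.

All inputs are hypothetical; the binning thresholds below are an assumption
chosen for illustration, not scales taken from the NIST draft.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    name: str
    likelihood: float   # assumed annual probability that the threat event occurs (0..1)
    impact_usd: float   # assumed loss in dollars if it occurs


# Constructed register. The first two entries are the same threat event
# (key server taken offline) arising from two different threat sources.
RISKS = [
    Risk("key server offline (denial-of-service attack)", 0.30, 200_000),
    Risk("key server offline (power failure)", 0.10, 200_000),
    Risk("laptop theft", 0.50, 20_000),
    Risk("data center fire", 0.01, 5_000_000),
]

QUAL_BINS = ["very low", "low", "moderate", "high", "very high"]


def quantitative(r: Risk) -> float:
    """Annualized loss expectancy in dollars: likelihood x impact."""
    return round(r.likelihood * r.impact_usd, 2)


def likelihood_level(p: float) -> int:
    """Ordinal 1..5 likelihood scale (assumed thresholds)."""
    return 1 if p < 0.02 else 2 if p < 0.1 else 3 if p < 0.3 else 4 if p < 0.6 else 5


def impact_level(usd: float) -> int:
    """Ordinal 1..5 impact scale (assumed thresholds)."""
    return (1 if usd < 10_000 else 2 if usd < 100_000 else
            3 if usd < 1_000_000 else 4 if usd < 10_000_000 else 5)


def semi_quantitative(r: Risk) -> int:
    """Ordinal score 1..25: product of the two 1..5 levels. Ranks, but is not money."""
    return likelihood_level(r.likelihood) * impact_level(r.impact_usd)


def qualitative(r: Risk) -> str:
    """Map the ordinal score onto the five non-numerical categories."""
    s = semi_quantitative(r)
    idx = 0 if s <= 2 else 1 if s <= 5 else 2 if s <= 10 else 3 if s <= 16 else 4
    return QUAL_BINS[idx]


def prioritize(scorer, key=None):
    """Risks ordered highest first under the given scorer; `key` makes labels sortable."""
    key = key or (lambda v: v)
    return sorted(((r.name, scorer(r)) for r in RISKS),
                  key=lambda t: key(t[1]), reverse=True)


def tied_groups(scorer):
    """Risks the scorer cannot tell apart: the prioritization problem the draft notes."""
    groups: dict = {}
    for r in RISKS:
        groups.setdefault(scorer(r), []).append(r.name)
    return {score: names for score, names in groups.items() if len(names) > 1}


def net_benefit(risk: Risk, control_cost: float, residual_likelihood: float) -> float:
    """Annual net benefit of a control: loss expectancy avoided minus the control's cost.

    This comparison needs dollar figures on both sides, which is why the draft
    says the quantitative approach best supports cost-benefit analysis.
    """
    residual = Risk(risk.name, residual_likelihood, risk.impact_usd)
    return round(quantitative(risk) - quantitative(residual) - control_cost, 2)


if __name__ == "__main__":
    for name, fn in [("quantitative", quantitative),
                     ("semi-quantitative", semi_quantitative)]:
        print(name, prioritize(fn))
    print("qualitative", prioritize(qualitative, key=QUAL_BINS.index))
    print("qualitative ties:", tied_groups(qualitative))
    # Hypothetical control: backup power costing $15,000/yr cuts the power-failure
    # likelihood from 0.10 to 0.01.
    print("net benefit of backup power:", net_benefit(RISKS[1], 15_000, 0.01))
```

Under these assumed scales the power-failure and laptop-theft entries both land in "moderate", so the qualitative view cannot say which to treat first, while the fire, rare but very costly, is rated only "low" despite carrying the second-largest loss expectancy. Conversely the quantitative output (a positive net benefit of a few thousand dollars a year) is a number that still needs interpreting against the organization's tolerance for the residual risk, which is the qualitative reading the draft says quantitative results may require.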

