3_Risk-Assessment-Process-Information-Security.pdfVIP专享VIP免费原创优质

下载本文档

阅读 144
下载 8
格式 pdf
大小 282.09 KB
约22页
2025-01-31 发布于陕西
收藏
评论
点赞(0)
海报
举报

3_Risk-Assessment-Process-Information-Security.pdf_第1页

3_Risk-Assessment-Process-Information-Security.pdf_第2页

3_Risk-Assessment-Process-Information-Security.pdf_第3页

/22

RiskAssessmentProcessInformationSecurityFebruary2014All-of-GovernmentRiskAssessmentProcess:InformationSecurityFebruary20142Crowncopyright©.ThiscopyrightworkislicensedundertheCreativeCommonsAttribution3.0NewZealandlicence.Inessence,youarefreetocopy,distributeandadaptthework,aslongasyouattributetheworktotheDepartmentofInternalAffairsandabidebytheotherlicenceterms.Toviewacopyofthislicence,visithttp://creativecommons.org/licenses/by/3.0/nz/.PleasenotethatneithertheDepartmentofInternalAffairsemblemnortheNewZealandGovernmentlogomaybeusedinanywaywhichinfringesanyprovisionoftheFlags,Emblems,andNamesProtectionAct1981orwouldinfringesuchprovisioniftherelevantuseoccurredwithinNewZealand.AttributiontotheDepartmentofInternalAffairsshouldbeinwrittenformandnotbyreproductionoftheDepartmentofInternalAffairsemblemorNewZealandGovernmentlogo.All-of-GovernmentRiskAssessmentProcess:InformationSecurityFebruary20143GlossaryofTermsAvailabilityEnsuringthatauthorisedusershavetimelyandreliableaccesstoinformation.ConfidentialityEnsuringthatonlyauthoriseduserscanaccessinformation.ConsequenceTheoutcomeofanevent.Theoutcomecanbepositiveornegative.However,inthecontextofinformationsecurityitisusuallynegative.ControlArisktreatmentimplementedtoreducethelikelihoodand/orimpactofarisk.GrossRiskTheriskwithoutanyrisktreatmentapplied.ImpactSeeConsequence.InformationSecurityEnsuresthatinformationisprotectedagainstunauthorisedaccessordisclosureusers(confidentiality),unauthorisedorimpropermodification(integrity)andcanbeaccessedwhenrequired(availability).IntegrityEnsuringtheaccuracyandcompletenessofinformationandinformationprocessingmethods.LikelihoodSeeProbability.ProbabilityThechanceofaneventoccurring.ResidualRiskTheriskremainingaftertherisktreatmenthasbeenapplied.RiskTheeffectofuncertaintyonthebusinessobjectives.Theeffectcanbepositiveornegative.However,inthecontextofinformationsecurityitisusuallynegative.RiskAppetiteTheamountofriskthattheorganisationiswillingtoacceptinpursuitofitsobjectives.RiskOwnerApersonorentitywiththeaccountabilityandauthoritytomanagearisk.Usuallythebusinessowneroftheinformationsystemorservice.StakeholderApersonororganisationthatcanaffect,beaffectedby,orperceivethemselvestobeaffectedbyariskeventuating.ThreatThepotentialcauseofarisk.ThreatAgentAnindividual,grouporeventthatcancauseathreattooccur.VulnerabilityAweaknessinaninformationsystemorservicethatcanbeexploitedbyathreat.All-of-GovernmentRiskAssessmentProcess:InformationSecurityFebruary20144Contents1Introduction5Overview52RiskAssessmentProcess6EstablishingtheContext6BusinessContext6TechnicalContext6RiskAnalysis8ImpactAssessment9LikelihoodAssessment9RiskRating9ControlsIdentificationandAssessment10RiskEvaluation11RiskTreatment123MonitoringandReview144CommunicationandConsultation14AppendixA–ThreatCatalogue15ThreatSources15AppendixB–ExampleRiskScalesandMatrix17Introduction17DevelopingandTailoringScales17RiskRatingScalesandMatrix18Impact(Consequences)Assessment18Likelihood(Probability)Assessment21RiskMatrix21RiskEscalation22TableoffiguresFigure1–ISO3100:2009RiskManagement5Figure2–TypesofControls10TableoftablesTable1–ThreatSources15Table2–ThreatAgentMotivation16Table3–SimpleImpactScale19Table4–DetailedImpactScale20Table5–LikelihoodScale21Table6–RiskMatrix22Table7–RiskEscalationandReporting22All-of-GovernmentRiskAssessmentProcess:Informa...

1、当您付费下载文档后，您只拥有了使用权限，并不意味着购买了版权，文档只能用于自身使用，不得用于其他商业用途（如 [转卖]进行直接盈利或[编辑后售卖]进行间接盈利）。
2、本站所有内容均由合作方或网友上传，本站不对文档的完整性、权威性及其观点立场正确性做任何保证或承诺！文档内容仅供研究参考，付费前请自行鉴别。
3、如文档内容存在违规，或者侵犯商业秘密、侵犯著作权等，请点击“违规举报”。

碎片内容