Information Security: A Practical Guide by Mooney Tom

Author: Mooney, Tom
Language: eng
Format: epub
ISBN: 978-1-84928-743-2
Publisher: IT Governance Publishing
Published: 2015-07-04T04:00:00+00:00


Likelihood

Likelihood is applied in much the same way – how often would a threat source look to attack our system using the methods defined in one of our risks? The following list describes the frequency of attack:

• Less than once a year

• At least once a year

• At least once every six months

• At least once a month

• At least once a week.

Risk Table

Realigning the Risk Level

You may be wondering at this point about the data that is to be hosted on the system and the impact if it is breached. It seems common sense that more sensitive data would have a higher risk category and non-sensitive data would have a lower risk category. However, unless you wish to compare risks from two separate systems, the realignment exercise is pointless, as all risks would increase or decrease by the same amount. Instead, when discussing the risks I recommend setting the context of the risk by defining how critical the asset is. This can then drive the discussion on which risks we will fix: for high-risk systems we may want to fix all risks from low and above, and for low-risk systems we may only want to fix high risks and above.


