Risk assessment

MLPS 2.0 (等保 2.0, the Multi-Level Protection Scheme) requires a risk assessment (风评), which must be carried out by an evaluation body: the China Information Security Evaluation Center, http://www.itsec.gov.cn/

What is risk assessment?
In accordance with the relevant international and national information security technical standards, assess the vulnerabilities of the assets and information systems, the threats they face, the likelihood that a threat source exploits those vulnerabilities, and the actual negative impact that such exploitation would have on the confidentiality, integrity and availability of the information being processed, transmitted and stored.

Risk assessment steps (4 stages)

  1. Preparation stage : project organization, determination of the project implementation plan, training, and project kickoff.
  2. Identification stage : the bulk of the on-site identification work, namely asset identification, threat identification, vulnerability identification, and identification of existing security measures.
  3. Analysis stage : sorting and analysis of the identification results to obtain the risk status of each element of the assessment, specifically asset impact analysis, threat analysis, vulnerability analysis, and comprehensive risk analysis.
  4. Planning and acceptance stage : consolidation and analysis of the comprehensive risk, formulation of the risk control plan, completion of the project deliverables, and presentation of the report to the customer; obtaining customer sign-off and completing project acceptance.
| Step | Specific content | Input documents | Output documents |
|------|------------------|-----------------|------------------|
| Preparation phase | Project preparation, project kickoff | Security confidentiality agreement | Risk assessment implementation plan |
| Identification phase | Asset identification, threat identification, vulnerability identification, security measures identification | Vulnerability detection security service project implementation application | Security status survey report |
| Analysis phase | Analysis of the identified content | Questionnaires collected during identification | Asset, threat and vulnerability assessment reports; comprehensive risk assessment report |
| Planning and acceptance phase | Reporting of evaluation results and acceptance | Comprehensive risk assessment report | Risk control recommendations |

Risk value calculation methods
1. Multiplicative method: risk = asset value * threat * vulnerability
2. Matrix method (lookup tables): https://blog.csdn.net/suiyideAli/article/details/84076685
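The following is an added example (not code from the original post or from the linked CSDN article) that scores a small constructed asset list with both methods side by side. The 1-5 grading scales, the two lookup matrices and the sample assets are assumptions for illustration; the matrix method is implemented in its usual two-step form (likelihood from threat frequency and vulnerability severity, then risk from likelihood and asset value), which the post only names.

```python
"""Risk value calculation: multiplicative method vs. matrix method.

Added example, not the original post's own code. The 1..5 scales, the
lookup matrices and SAMPLE_ASSETS are assumed values for illustration.
"""

SCALE = range(1, 6)  # assumed 1..5 grading for asset value, threat, vulnerability

# Assumed likelihood matrix: rows = threat frequency (1..5),
# columns = vulnerability severity (1..5), cell = likelihood level (1..5).
LIKELIHOOD_MATRIX = [
    [1, 1, 2, 2, 3],
    [1, 2, 2, 3, 3],
    [2, 2, 3, 3, 4],
    [2, 3, 3, 4, 4],
    [3, 3, 4, 4, 5],
]

# Assumed risk matrix: rows = likelihood (1..5),
# columns = asset value (1..5), cell = risk level (1..5).
RISK_MATRIX = [
    [1, 1, 2, 2, 3],
    [1, 2, 2, 3, 3],
    [2, 2, 3, 3, 4],
    [2, 3, 3, 4, 4],
    [3, 3, 4, 4, 5],
]

LEVEL_NAMES = {1: "very low", 2: "low", 3: "medium", 4: "high", 5: "very high"}


def _check(name, value):
    """Reject grades outside the assumed 1..5 scale instead of silently indexing."""
    if value not in SCALE:
        raise ValueError(f"{name} must be in 1..5, got {value!r}")
    return value


def risk_product(asset, threat, vulnerability):
    """Method 1: risk = asset * threat * vulnerability, a number in 1..125."""
    return (_check("asset", asset)
            * _check("threat", threat)
            * _check("vulnerability", vulnerability))


def risk_matrix(asset, threat, vulnerability):
    """Method 2: likelihood = L(threat, vulnerability), risk = R(likelihood, asset)."""
    _check("asset", asset)
    _check("threat", threat)
    _check("vulnerability", vulnerability)
    likelihood = LIKELIHOOD_MATRIX[threat - 1][vulnerability - 1]
    return RISK_MATRIX[likelihood - 1][asset - 1]


def assess(entries):
    """Score each (name, asset, threat, vulnerability) tuple with both methods
    and rank by matrix level, using the product value to break ties."""
    rows = []
    for name, asset, threat, vulnerability in entries:
        level = risk_matrix(asset, threat, vulnerability)
        rows.append({
            "name": name,
            "product": risk_product(asset, threat, vulnerability),
            "level": level,
            "level_name": LEVEL_NAMES[level],
        })
    rows.sort(key=lambda r: (r["level"], r["product"]), reverse=True)
    return rows


# Constructed sample input (not real assessment data): name, asset, threat, vulnerability
SAMPLE_ASSETS = [
    ("Customer database", 5, 4, 3),
    ("Internal wiki", 2, 3, 4),
    ("Public website", 3, 5, 2),
]

if __name__ == "__main__":
    for r in assess(SAMPLE_ASSETS):
        print(f"{r['name']:<20} product={r['product']:>3}  "
              f"matrix level={r['level']} ({r['level_name']})")
```

The point of running both is that they are not interchangeable: the product gives a fine-grained number with no built-in thresholds, while the matrix method forces every combination into a small set of named levels that the risk control plan can act on. Whichever is chosen, the grading scales and the matrices have to be fixed before identification starts, otherwise the comparison between assets is meaningless.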

Risk assessment principles (3 principles)
1. Standardization principle
2. Controllability principle
3. Minimum impact principle

Risk assessment relies on a set of evaluation criteria for each element. Asset evaluation is graded against CIA criteria (confidentiality, integrity and availability); threat evaluation grades the likelihood of a threat by its frequency of occurrence; vulnerability evaluation includes penetration testing.

Origin blog.csdn.net/zzhokok/article/details/107317081