risk analysis must examine each of these aspects. As such, traditional risk analysis methods are seen as inadequate (e.g., Halliday et al., 1996; Gerber and von Solms, 2020). This paper examines the traditional risk analysis method, along with its strengths and limitations, and then proposes an alternative holistic method that addresses these limitations.

The paper is organized as follows. The next section defines risk and describes the purpose of a risk analysis. Section 4, followed by an example and the method. Section 5 describes evaluation criteria for a risk analysis and how it applies to the proposed method. Section 7.

2. RISK ANALYSIS

Risk is defined as (a) the possibility of loss or injury, and (b) the liability for loss or injury if it occurs (Merriam-Webster Inc., 1996). Risk analysis, in the context of information security, is the process of examining a system and its operational context to determine possible exposures and the potential harm they can cause (Pfleeger and Pfleeger, 2020). Risk management involves using the output from risk analysis to determine the selection and implementation of controls (safeguards) to reduce risk (Gerber and von Solms, 2020). Risk analysis has traditionally been used in business for analyzing financial instruments and insurance products (e.g., Baskerville, 1991; Gerber and von Solms, 2020). In both cases, risk

INFORMATION SECURITY

The traditional method for conducting information security risk analysis is technology-driven (e.g., Halliday et al., 1996; Gerber and von Solms, 2020) because it focuses primarily on known threats to types of computing assets employed by an organization. This is due in large part to the historical origin of widely used computer security guidelines (NIST, Common Criteria, RAND Corp, ISO 17799, SSE-CMM) that were initially developed for securing governmental and military computing infrastructures.

Given that these leading security guidelines were not initially developed for information systems within a business environment, methods for identifying risks related to people (internal and external to the organization) and business processes are lacking. For the purposes of this paper, the word "traditional" is used to denote risk analysis practices generally cited in the literature as being the conventional or common approach (e.g., Halliday et al., 1996; Suh and Han, 2020; Tan, 2020; Pfleeger and Pfleeger, 2020).

Second, given that traditional risk analysis has focused primarily on technology, this aspect of security has been richly developed. For example, extensive lists of known threats and vulnerabilities to various technical assets are publicly available. These lists provide valuable guidance when conducting a risk analysis. Third, automated software packages are available that perform the detailed calculations and manage the risk analysis data. These software packages are based on the traditional method of risk analysis. Fourth, quantitative measures used in the traditional method can be used to support a cost-benefit analysis of investments in security safeguards. This is, of course, provided the calculations are reasonably accurate. Finally, the traditional method of conducting a risk analysis for information security is closely related to risk analysis techniques employed in the financial and insurance sectors. This point, along with the mathematical foundation of the method, may add credibility.

3.2 Limitations of Traditional Risk Analysis

The traditional risk analysis method for information security has several key limitations. First, this technology-driven method places very limited empha
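The fourth strength above, that the traditional method's quantitative measures support a cost-benefit analysis of safeguards "provided the calculations are reasonably accurate", can be made concrete. The following is an added example, not code or figures from the paper: it uses the standard annualized loss expectancy model that the traditional quantitative method is built on (SLE = AV × EF, ALE = SLE × ARO, safeguard value = ALE reduction minus annualized safeguard cost), and then checks whether the buy/don't-buy decision survives a plausible estimation error in the annual rate of occurrence. The asset values, exposure factor, rates and safeguard cost are constructed sample inputs.

```python
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Exposure:
    """One asset/threat pair in the standard quantitative model.

    asset_value     AV:  value of the asset, in currency units
    exposure_factor EF:  fraction of AV lost in a single incident (0..1)
    annual_rate     ARO: expected number of incidents per year
    """
    asset_value: float
    exposure_factor: float
    annual_rate: float

    def sle(self) -> float:
        """Single loss expectancy: SLE = AV * EF (loss from one incident)."""
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annualized loss expectancy: ALE = SLE * ARO (expected loss per year)."""
        return self.sle() * self.annual_rate


def safeguard_net_benefit(before: Exposure, after: Exposure, annual_cost: float) -> float:
    """Annual value of a safeguard: ALE reduction minus its annualized cost.

    Positive means the safeguard is worth its cost on this model; negative means it is not.
    """
    return before.ale() - after.ale() - annual_cost


def decision_is_robust(before: Exposure, after: Exposure, annual_cost: float,
                       aro_error: float) -> tuple[bool, float, float]:
    """Test whether the buy/don't-buy decision survives estimation error in ARO.

    Both ARO estimates are scaled down by (1 - aro_error) and up by (1 + aro_error).
    The decision is robust only if the net benefit keeps the same sign across that band.
    Returns (robust, net_benefit_at_low_aro, net_benefit_at_high_aro).
    """
    nominal = safeguard_net_benefit(before, after, annual_cost)
    low = safeguard_net_benefit(
        replace(before, annual_rate=before.annual_rate * (1 - aro_error)),
        replace(after, annual_rate=after.annual_rate * (1 - aro_error)),
        annual_cost)
    high = safeguard_net_benefit(
        replace(before, annual_rate=before.annual_rate * (1 + aro_error)),
        replace(after, annual_rate=after.annual_rate * (1 + aro_error)),
        annual_cost)
    robust = (nominal >= 0) == (low >= 0) == (high >= 0)
    return robust, low, high


# Constructed sample input (not from the paper): a customer-facing web server exposed to a
# defacement/outage threat, before and after an assumed safeguard that cuts ARO from 0.4 to 0.1.
WEB_SERVER_BEFORE = Exposure(asset_value=200_000, exposure_factor=0.25, annual_rate=0.4)
WEB_SERVER_AFTER = replace(WEB_SERVER_BEFORE, annual_rate=0.1)
SAFEGUARD_ANNUAL_COST = 12_000   # assumed annualized cost of the safeguard

if __name__ == "__main__":
    print(f"SLE = {WEB_SERVER_BEFORE.sle():,.0f}")
    print(f"ALE before = {WEB_SERVER_BEFORE.ale():,.0f}, after = {WEB_SERVER_AFTER.ale():,.0f}")
    net = safeguard_net_benefit(WEB_SERVER_BEFORE, WEB_SERVER_AFTER, SAFEGUARD_ANNUAL_COST)
    print(f"nominal net benefit = {net:,.0f}")
    for err in (0.1, 0.3):
        robust, low, high = decision_is_robust(WEB_SERVER_BEFORE, WEB_SERVER_AFTER,
                                               SAFEGUARD_ANNUAL_COST, err)
        print(f"ARO error +/-{err:.0%}: net benefit {low:,.0f} .. {high:,.0f}, "
              f"decision {'holds' if robust else 'flips'}")
```

With the constructed figures the safeguard shows a nominal net benefit of 3,000 per year, but a 30% error in the ARO estimates is enough to flip the decision (the net benefit ranges from -1,500 to 7,500), while a 10% error is not. That sensitivity check is the practical form of the paper's caveat: the cost-benefit output is only as trustworthy as the loss and frequency estimates feeding it.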